JULY/AUGUST 2012

EVENTS | TECH TIPS | TRAINING | SUPPORT

System Platform and Virtualisation

The Cloud. Here to stay or fading drizzle?

Virtual Reality in the Process Industry

Cyber security and the Power industry

The Economics of the Cloud

Virtualisationnot all smoke and mirrors

Getting to grips

with what’s unreal

011 510 0340 | information@advansys.co.za | www.advansys.co.za

▪ Process analysis and

performance optimisation

▪ Control system design,

specification and project

management

▪ Instrumentation

specification and installation

▪ PLC solutions

▪ SCADA / HMI solutions

▪ S88 Batch solutions

▪ S95 MES and “vertical”

integration solutions

▪ Reporting solutions

▪ Manufacturing Intelligence

solutions

▪ Software Applications

solutions

Advansys provides

specialised Industrial

Control and Automation

Engineering and

Consulting services to

the manufacturing and

utilities sectors throughout

Southern Africa.

Our services include:

Award winning innovation in HMI / SCADA Implementation

upgrade to advansys

Advansys invites you to contact us for Wonderware related

project initiatives and software licensing as follows:

1. HMI / SCADA Standards Design

and Development

2. ArchestrA System Platform Implementations

3. Production / KPI Reporting Solutions

4. Wonderware Licensing

5. Wonderware aligned Customer First Support

package with your annual renewal

InnovatIon award 2009 / BESt EMI aPPLICatIon 2009

toP SI award 2010 / BESt HMI aPPLICatIon 2010 /

toP SI award 2011

Advansys invites you to contact us for Wonderware related Advansys invites you to contact us for Wonderware related

project initiatives and software licensing as follows:

Advansys invites you to contact us for Wonderware related

project initiatives and software licensing as follows:

July/August 2012 | 1

Facebook: Wonderware Southern AfricaTwitter: WonderwareSAYouTube: WonderwareSA

www.protocolmag.co.za

Protocol MagazineOwner and Publisher: Invensys Operations Management Southern Africa

Marketing Manager: Jaco Markwat jaco.markwat@invensys.co.za

Editor: Denis du Buisson, GMT Servicesddb@iafrica.com

Advertising Sales: Heather Simpkins, The Marketing Suiteheather@marketingsuite.co.za

Distribution:Nikita Wagner nikita.wagner@invensys.co.za

ContributorsMany thanks to the following for their contributions to this issue of the magazine:

Contents2 Editor’s notes

3 Virtualisation and the ArchestrA System Platform

4

Invensys fi rst to support virtualisation technologies for High Availability and Disaster Recovery

5 About System Platform - your base for operational excellence

7 Getting started with System Platform and virtualisation

10 Virtualising the ArchestrA System Platform

12 Availability

14 Disaster Recovery

15 High Availability with Disaster Recovery

16 The economics of the cloud

30 The cloud ... here to stay or fading drizzle?

33 An African cloud

34 The role of virtual reality in the process industry

42 Cyber security in the power industry

43 Power industry locks down

48 Control and Automation security: Fort Knox or swing-door

50Eskom conforms to legal emission limits with help from Wonderware

55 Thin client computing for virtualisation and SCADA

59 Virtualisation needs high availability functionality

60 Virtualisation dictionary

63 Events - MESA SA “Adapt or Die” 2012 CONFERENCE

65 Use Protocol Magazine to generate business opportunities

68 2012 Training Schedule (Johannesburg)

69 Support – Customer FIRST

70 On the lighter side

72 Protocol crossword #55

• Rolf Harms, Director of Corporate Strategy and Michael Yamartino, Manager Corporate Strategy, both from Microsoft Corporation, for the highly informative article on the economics of the cloud

• John Coetzee of Aristotle Consulting for the article titled: Control and Automation security: Fort Knox or Swing-door?

• Gerhard Greeff, Divisional Manager at Bytes Systems Integration for the article titled: The Cloud ... here to stay or fading drizzle?

• Maurizio Rovaglio and Tobias Scheele of Invensys for the article dealing with the role of virtual reality in the process industry.

• Ernest Rakaczky and Thomas Szudajski of Invensys for the article on cyber security in the power industry.

JULY/AUGUST 2012

Contents

2 | www.protocolmag.co.za

Editor’s Notes

Virtualisation – not all smoke and mirrors

While this magazine is real, what it talks

about doesn’t necessarily exist in the same

reality that we’re used to. No one has

ever seen most of the servers in today’s

industrial and business systems, for example,

because they don’t really exist – at least not

as individual box-like entities. Yet they do

all the work that their “real” counterparts

do. Welcome to the world of virtualisation

which is rapidly becoming the de-facto

computational environment of today and

tomorrow.

This becomes obvious when looking at the

market landscape for virtualisation as shown

in the diagram where the installed base of

physical units is dwarfed by that of logical

units.

When I fi rst came across virtualisation and

cloud computing, I asked myself a simple

question: Why? Why must I reprogram my

intellectually-challenged technology brain

cell to wrap itself around what sounds like

yet another (and somewhat far-fetched)

vendor-driven fad designed to separate

people from their wallets?

I discovered that what’s driven virtualisation

is getting the most from the unused power

in existing computer technology so that end-

users could access a greater set of solutions

at a lower cost. This came as a huge blow to

my home-cooked cynicism about a vendor-

driven fad but gave my technology brain cell

a new purpose and a reason to live.

With computing power doubling every 18

months according to Moore’s law, the PCs

on our desks and the servers in our server

rooms are doing nothing most of the time

– so why not put them to work? Powerful

desktop PCs can be replaced with Thin

Clients while a single server can now be host

to many “virtual” servers, each operating

in their own environment and making the

most use of the power of multi-core CPUs.

What’s more, these servers need not all be

in one box but “somewhere out there” in

the cloud of Internet and intranet-linked

computing resources and services. The

operational and cost benefi ts to be derived

from this arrangement are numerous but

that led me to another question: While this

may sound like the ultimate “outsourcing”

solution, what about security and proprietary

processes (e.g. real-time manufacturing)?

Quite simply, there are some applications

which are suited to the cloud environment

while others (e.g. real-time industrial

processes) are not.

Further, as outlined

in the article “The

economics of the cloud”,

there is no reason why

cloud security should be

any more lax than any

other. To quote: “In fact,

they [public clouds] are

likely to become more

secure than on premises

[private clouds] due to

the intense scrutiny providers must place on

security and the deep level of expertise they

are developing.”

As organisations continue to implement

virtualisation and converge their data

centre environments, client architectures

also continue to evolve in order to take

advantage of the predictability, continuity

and quality of service delivered by their

converged infrastructure.

Selected client environments move

workloads from PCs and other devices to

data centre servers, creating well-managed

virtual clients, with applications and client

operating environments hosted on servers

and storage in the data centre. For users,

this means they can access their desktop

from any location, without being tied to a

single client device. Since the resources

are centralised, users moving between

work locations can still access the same

client environment with their applications

and data. For IT administrators, this

means a more centralised, effi cient client

environment that is easier to maintain

and able to more quickly respond to the

changing needs of users and businesses.

So, it’s not all smoke and mirrors after all.

Until next time,

Denis du Buisson

ddb@iafrica.com

Acknowledgement: Some of this material is

sourced from Wikipedia

July/August 2012 | 3

Virtualisation and the ArchestrA System PlatformLaunched in 2003, Invensys Wonderware’s System Platform is the unique unifying force behind

industrial applications and their implementation. This ArchestrA-based, industrial “operating system”

preserves past investments, helps save buckets of money on current engineering efforts and is ready

to do the same in the future - because that’s what it was designed to do.

4 | www.protocolmag.co.za

Invensys first to support virtualisation technologies for High Availability and Disaster RecoveryCompany expands certification for VMware

and Microsoft Hyper-V virtualisation

platforms

In February 2012, Invensys Operations

Management announced that it had

expanded its certification for virtualisation

technology, making it the first industrial

automation provider to be certified for

high availability, disaster recovery and fault

tolerance in supervisory control applications

leveraging both the VMware and Microsoft

Hyper-V virtualisation platforms. The

company’s ArchestrA® System Platform 2012

and Wonderware® InTouch® 2012 software

are now certified for the latest VMware

solutions, including VMware vSphere version

5.0 and ESXi version 5.0 for mission-critical

applications.

“Historically, high-availability and disaster-

recovery solutions in supervisory control

systems were expensive to implement, not

only because of hardware and software

costs, but also because of additional

administrative burdens,” said Deon

van Aardt, Divisional Director, Invensys

Operations Management Southern Africa.

“Along with many other benefits, when

ArchestrA System Platform 2012 and InTouch

2012 software are deployed, they support

high-availability and disaster recovery

implementations using Windows Server

Hyper-V virtualisation from Microsoft, as

well as the latest remote desktop services

that are part of Windows Server 2008 R2.

Now, after a rigorous validation period,

our ArchestrA System Platform 2012 and

Wonderware InTouch 2012 software are

also certified for disaster recovery and high

availability using VMware virtualisation. All

this is possible on commercial operating

systems using off-the-shelf hardware, further

reducing cost and easing implementation of

mission-critical applications.”

Virtualisation software, like that offered

by Microsoft and VMware, transforms or

“virtualises” a computer’s hardware, such as

the CPU, hard drive and network controller,

to create a virtual computer that can run

its own operating system and applications

just like a “standard” computer. By sharing

hardware resources with each other, multiple

operating systems can run simultaneously on

a single physical computer. And because it

has the CPU, memory and network devices

of the “host,” a virtual machine is completely

compatible with all standard operating

systems, applications and drivers. With

virtualisation, users can safely run several

operating systems and applications at the

same time on a single computer, with each

having access to the resources it needs

when it needs them. And it’s all possible

with commercial off-the-shelf hardware and

operating systems.

“End-users are rapidly deploying

virtualisation solutions to reduce the

number of physical servers needed for

their plants in order to lower their hardware

costs, IT costs and energy bills,” said Craig

Resnick, vice president, ARC Advisory

Group. “Virtualisation technology also

helps end-users with system deployment

of high-availability, disaster-recovery and

fault-tolerance solutions as it is used to

quickly get plants back up and running

when computers fail, regardless of location.

Invensys Operations Management’s

certification for both VMware and Microsoft

Hyper-V ensures that its customers are

covered and protected regardless of their

choice of platform.”

“While the underlying technology is

sophisticated, virtualisation can deliver

benefits that are much simpler to

understand and achieve,” added van Aardt.

“By eliminating dependencies between

the physical hardware and the software,

customers have more choices to improve the

management of their applications, servers

and equipment. One of the many benefits

is the ability to move virtual machines

between host computers, which enables

a variety of different fail-safe scenarios to

be implemented, each providing options

for different levels of redundancy that

make systems more resilient, less prone

to equipment or site failure and simpler to

upgrade.”

At the OpsManage’11 conference last year,

Invensys Operations Management set up

and demonstrated a scenario where an

entire primary system in Florida failed over

to a backup disaster recovery system in

California.

“Customers were impressed with the ease

and speed with which the backup system

took over control, using only commercial

hardware,” said van Aardt. “That’s the

flexibility they are looking for to modernise

and optimise their businesses. As the

first industrial automation provider to

be certified for high availability, disaster

recovery and fault tolerance on the two

major virtualisation platforms, we look

forward to continuing to offer the products

our customers need to achieve the highest

levels of system availability, reliability and

operational efficiency.”

July/August 2012 | 5

About System Platform - your base for operational excellence

In a nutshell ...

The Wonderware System Platform provides a

versatile application server, a powerful historian

server, an easy-to-use information server and

unparalleled connectivity.

This de-facto information-capturing and

application-unifying standard is designed

with fl exibility and power for a wide range of

applications and industries from geo-SCADA to

real-time environments.

Key benefi ts

• Integrate people, information and processes

• Empower and motivate people to collaborate

• Drive, enforce and adapt processes

• Drive, enforce and adapt standards

• Achieve consistent high quality

• Enable innovation and adaptability to

change

• Reduce risk

• Shorten the time to value/time to market

• Retain highly valued people

• Increase profi ts

Key capabilities

• Common plant model reduces complexity

• Remote software deployment and

maintenance

• Extensible and easily maintained using

template-based and object oriented

structures

• Powerful role-based security model

• “Optimised for SCADA” network and

communication features

• Historical data collection and advanced

trending

• Web based reporting capabilities

• Support of Microsoft Remote Desktop

Services, Smart Card authentication and

Hyper-V virtualisation allow highly economic,

secure and available systems

The Wonderware® System Platform is a

strategic industrial software application

platform that’s built on ArchestrA®

technology for supervisory control,

Geo-SCADA as well as production and

performance management solutions.

Designed to suit the needs of industrial

automation and information personnel,

the Wonderware System Platform is the

backbone and manager for all functional

capabilities required for industrial software

solutions.

With the System Platform, Wonderware

provides an industrialised application

server, a powerful historian server, an

easy to use information server as well as

unparalleled connectivity, all specifi cally

built for demanding real-time industrial

environments.

System Platform 2012 features a virtual computer infrastructure.

Improved process control

Tighter integration of automation applications

Virtual computer infrastructure

ArchestrA System Platform 2012 supports

new high-availability disaster recovery

implementations using Windows Server

Hyper-V virtualisation from Microsoft. In

addition, ArchestrA System Platform 2012

software supports all the latest remote

desktop services that are part of Windows

Server 2008 R2.

Many Windows Server Hyper-V customers

in manufacturing and processing need to

integrate legacy automation, monitoring and

reporting systems across different locations.

By supporting the full spectrum of Windows

Server Hyper-V capabilities, Invensys

Operations Management is enabling the

fl exibility and technology their customers

need to achieve real-time business

optimisation.

Today’s manufacturers and processing

companies typically operate a range of

facilities, all with different automation,

monitoring and reporting systems.

Managing these legacy systems can be

2

3

1

With System Platform, implementation topology and architecture can be modifi ed and redeployed without any need for reengineering, giving you the advantage of freedom and speed.

About System Platform - your base for operational excellence

6 | www.protocolmag.co.za

costly and time consuming. ArchestrA

System Platform solves this problem by

providing a common, highly-efficient

infrastructure to easily develop, manage

and maintain industrial applications with

exceptional scalability and openness.

These solutions allow users, anywhere

on the network, to design, build and

deploy industrial workflow, HMI as well as

automation and information applications,

while leveraging a powerful combination

of re-usable application templates, along

with easy and transparent management of

The Wonderware system platform provides cost-effective communication to virtually any plant information source, including historians, relational databases, quality and maintenance systems, enterprise business systems and manufacturing execution systems.

physical and virtualised computers. Not only

does this reduce engineering costs, shorten

project timetables and enforce automation

and operational procedures, it really

empowers the workforce and strengthens

the drive toward real-time business

optimisation.

What follows is a brief look at what you

need to consider for the implementation

of Virtualisation, High Availability and

Disaster Recovery on your existing ArchestrA

System Platform. These are extracts from

the comprehensive 700-page document

titled: “Wonderware ArchestrA System

Platform in a Virtualised Environment -

Implementation Guide”.

The full guide on implementing the

ArchestrA System Platform in a Virtualised

Environment using Microsoft Hyper-V

technology, failover clustering and other

strategies to create High Availability,

Disaster Recovery and High Availability with

Disaster Recovery capabilities can be viewed

on-line and you can also download it and

print it in part or in whole.

July/August 2012 | 7

Getting started with System Platform and virtualisationOverview of implementing ArchestrA System Platform in a virtualised environment

This is done using Microsoft Hyper-V technology, failover clustering

and other strategies to create High Availability (HA), Disaster Recovery

(DR) as well as High Availability integrated with Disaster Recovery

capabilities.

Virtualisation technologies are becoming high priority for

IT administrators and managers, software and systems engineers,

plant managers, software developers, and system integrators. Mission-

critical operations in both small and large-scale organisations demand

availability—defined as the ability of the user community to access the

system—along with dependable recovery from natural or man-made

disasters. Virtualisation technologies provide a platform for High

Availability and Disaster Recovery solutions.

Let’s assume that you and your organisation have done the necessary

research and analysis and have made the decision to implement

ArchestrA System Platform in a virtualised environment that will

replace the need for physical computers. Such an environment can

take advantage of advanced virtualisation features including

High Availability and Disaster Recovery. In that context, we’ll define

the terms as follows:

• Virtualisation is a concept in which access to a single underlying

piece of hardware (like a server) is coordinated so that multiple guest

operating systems can share that single piece of hardware with

no guest operating system being aware that it is actually sharing

anything.

So, instead of using, say, 4 servers all running at between 10% and

35% utilisation, one could rather run the applications as 4 virtual

machines but on 2 physical servers – and these 2 servers may now

run at say 70% utilisation.

In short, virtualisation allows for two or more virtual computing

environments on a single piece of hardware that may be running

different operating systems and decouples users, operating systems

and applications from physical hardware.

Virtualisation creates a virtual (as opposed to “real”) version of

ArchestrA System Platform or one of its components, including

servers, nodes, databases, storage devices and network resources.

• High Availability (HA) means having the physical servers on which

the community depends available for use the great majority of the

time (e.g. 99% or greater). So, if a physical server fails, the system

will ensure a rapid switchover to a standby backup unit to ensure

continuity of service.

A failover condition may result in some loss of data.

• Disaster Recovery (DR) was intended for use in case of the inability

of localised, on-line servers to function or in the event of their

destruction.

Because of this, systems able to cope with Disaster Recovery are

normally quite geographically remote from those they will be asked

to back up. For example, at the OpsManage’11 conference, Invensys

Operations Management set up and demonstrated a scenario where

an entire primary system in Florida failed over to a backup disaster

recovery system in California.

Because these systems are not on-line like the local servers, a failover

condition may result in the loss of more data than would be the case

in a local switch-over condition.

While these definitions are general and allow for a variety of HA

and DR designs, what follows focuses on virtualisation, an indispensible

element in creating the redundancy necessary for HA and DR solutions.

Types of Virtualisation

There are eight types of virtualisation:

• Hardware: A software execution environment separated from

underlying hardware resources. Includes hardware-assisted

virtualisation, full and partial virtualisation and paravirtualisation.

• Memory: An application operates as though it has sole access to

memory resources, which have been virtualised and aggregated

into one memory pool. Includes virtual memory and memory

virtualisation.

• Storage: Complete abstraction of logical storage from physical

storage

• Software: Multiple virtualised environments hosted within a single

operating system instance. Related is a virtual machine (VM) which is

a software implementation of a computer, possibly hardware-

assisted, which behaves like a real computer.

• Mobile: Uses virtualisation technology in mobile phones and other

types of wireless devices.

• Data: Presentation of data as an abstract layer, independent of

underlying databases, structures and storage. Related is database

virtualisation, which is the decoupling of the database layer

within the application stack.

• Desktop: Remote display, hosting or management of a graphical

computer environment—a desktop.

Getting started with System Platform and virtualisation

8 | www.protocolmag.co.za

• Network: Implementation of a virtualised network address space

within or across network subnets.

Virtualisation using a Hypervisor

Microsoft Hyper-V technology implements a type of

hardware virtualisation using a hypervisor, permitting a number of

guest operating systems (virtual machines) to run concurrently on

a host computer. The hypervisor, also known as a Virtual Machine

Monitor (VMM), is so named because it exists above the usual

supervisory portion of the operating system.

There are two classifi cations of hypervisor:

• Type 1: Also known as a bare-metal hypervisor, runs directly on

the host hardware to control it and to monitor the guest operating

systems. Guest operating systems run as a second level above the

hypervisor.

• Type 2: Also known as a hosted hypervisor, runs within

a conventional operating system environment as a second software

level. Guest operating systems run as a third level above the

hypervisor.

Hyper-V architecture

Hyper-V implements Type 1 hypervisor virtualisation, in which

the hypervisor primarily is responsible for managing the physical

CPU and memory resources among the virtual machines. This

basic architecture is illustrated in fi gure 1.

VM and Hyper-V Limits in Windows Server 2008 R2

Tables 1 and 2 show maximum values for VMs and for a server running

Hyper-V in Windows Server 2008 R2 Standard and Enterprise editions,

respectively. By understanding the limits of the hardware, software and

virtual machines, you can better plan your ArchestrA System Platform

virtualised environment.

Component Maximum Notes

Virtual processor 4

Memory 64 GB

Virtual IDE disk 4 The boot disk must be attached to one of the IDE devices.

The boot disk can be either a virtual hard disk or a physical

disk attached directly to a virtual machine.

Virtual SCSI

controllers

4 Use of virtual SCSI devices requires integration services to be

installed in the guest operating system.

Virtual SCSI discs 256 Each SCSI controller supports up to 64 SCSI discs.

Virtual hard disk

capacity

2040 GB Each virtual hard disk is stored as a .vhd fi le on physical

media.

Size of physical discs

attached to a VM

Varies Maximum size is determined by the guest operating system.

Checkpoints

(snapshots)

50 The actual number depends on the available storage and

may be lower. Each snapshot is stored as an .avhd fi le that

consumes physical storage.

Virtual network

adapters

12 8 of these can be the “network adapter” type. This type

provides better performance and requires a virtual machine

driver that is included in the integration services packages.

The remaining 4 can be the “legacy network adapter” type.

This type emulates a specifi c physical network adapter and

supports the Pre-execution Boot Environment (PXE) to

perform a network-based installation of an operating system.

Virtual fl oppy drives 1

Serial (COM) ports 2

Component Maximum Notes

Logical processors 64

Virtual processors

per logical processor

8

Virtual machines per

server

384 (running)

Virtual processors

per server

512

Memory 1TB

Storage Varies – no limit

imposed by Hyper-V

Limited by the support capability of the

management operating system.

Physical network

adapters

No limit imposed by

Hyper-V

Virtual networks

(switches)

Varies – no limit

imposed by Hyper-V

Limited by available computing resources

Virtual network

switch ports per

server

Varies – no limit

imposed by Hyper-V

Limited by available computing resources

Figure 1: Hyper-V architecture

Table 1: Hyper-V Server maxima - Windows 2008 R2 Standard

Edition

Table 2: Hyper-V Server maxima - Windows 2008 R2 Enterprise

Edition

July/August 2012 | 9

Avantis Eurotherm Foxboro IMServ InFusion SimSci-Esscor Skelta Triconex Wonderware

Traffic that flows. Intelligent buildings that save energy. A public infrastructure that delivers whole new levels of service at lower cost. Systems, assets, people and the environment living in harmony.

You have imagined ArchestrA, the Wonderware technology that lets you manage your infrastructure as you like in an integrated way. Open, scalable, affordable.

Turn imagination into reality with Wonderware. Visit wonderware.com/Infrastructure for more info.

imagineimaginea better future

Building intelligence

Resources Optimization

Cost ReductionSecurity

BetterServices

integrated management

of the City

Public Utilities management

© Copyright 2012. All rights reserved. Invensys, the Invensys logo, Avantis, Eurotherm, Foxboro, IMServ, InFusion, Skelta, SimSci-Esscor, Triconex and Wonderware are trademarks of Invensys plc, its subsidiaries or affiliates. All other brands and product names may be trademarks of their respective owners.

Facility Management • Environment • Power • Smart Cities • Transportation • Waste • Water & Wastewater

10 | www.protocolmag.co.za

Virtualising the ArchestrA System PlatformAbstraction versus Isolation

With the release of InTouch 10.0, supporting

the VMWare ESX platform, Wonderware

became one of the first companies to

support virtual machine operation of

industrial software. VMware ESX is referred

to as a “bare metal” virtualisation

system. The virtualisation is run in an

abstraction layer, rather than in a standard

operating system.

Microsoft takes a different approach

to virtualisation. Microsoft Hyper-V is a

hypervisor-based virtualisation system. The

hypervisor is essentially an isolation layer

between the hardware and partitions which

contain guest systems. This requires at least

one parent partition, which runs Windows

Server 2008.

Figures 2 and 3 show non-virtualised and

virtualised ArchestrA System Platform

topologies respectively.

Note:

An abstraction layer is a layer with

drivers that make it possible for the

virtual machine (VM) to communicate

with hardware (VMware).

In this scenario, the drivers

need to be present for proper

communication with the hardware.

With an isolation layer, the VM uses

the operating system, its functionality

and its installed drivers. This scenario

does not require special drivers.

As a comparison, the abstraction

layer in VMware is 32MB and in

Hyper-V it is 256kb.

Sizing recommendations for virtualisation

The following provides sizing guidelines and

recommended minima for ArchestrA System

Platform installations.

For a virtualisation-only implementation, you

can use these minima and guidelines to size

the virtualisation server or servers that will

host your System Platform configuration.

Cores and Memory

• Spare Resources - The host server should

always have spare resources of 25% above

what the guest machines require. For

example, if a configuration with five nodes

requires 20GB of RAM and 10 CPUs, the

host system should have 25GB of RAM

and 13 CPUs. If this is not feasible, choose

the alternative closest to the 25% figure,

but round up so that the host server has

32GB of RAM and 16 cores.

• Hyper-Threading - Hyper-Threading

Technology can be used to extend the

amount of cores, but it does impact

performance. An 8-core CPU will perform

better than a 4-core CPU that is Hyper-

Threading.

Storage

It is always important to plan for proper

Storage. A best practice is to dedicate

a local drive or virtual drive on a Logical

Unit Number (LUN) to each of the VMs

being hosted. We recommend SATA or

higher interfaces.

Recommended storage topology

To gain maximum performance, the host OS

also should have a dedicated storage drive.

A basic storage topology would include:

• Host storage

• VM storage for each VM

• A general disc which should be large

enough to hold snapshots, backups and

Figure 2: A common, non-virtualised ArchestrA System Platform topology.

July/August 2012 | 11

Figure 3: The same environment as figure 2 but virtualised using Hyper-V

Table 3: Minimum system Platform configurations for small (black) as well as medium and large (red) systems

other content. It should not be used by

the host or by a VM.

Recommended storage speed

Boot times and VM performance are

impacted both by storage bandwidth and

storage speed. Faster is always better. Drives

rated at 7200 rpm perform better than those

rated at 5400 rpm. Solid-state drives (SSDs)

perform better than 7200-rpm drives.

Keep in mind that multiple VMs attempting

to boot from one hard drive will be slow

and your performance will experience a

significant degradation. Attempting to save

on storage could well become more costly in

the end.

Networks

Networking is as important as any other

component for the overall performance of

the system.

Recommended networking for virtualisation

- If virtualisation is your only requirement,

your network topology could include the

following elements:

• Plant network

• Storage network

• Hyper-V network.

A best practice is to establish, on every

node, an internal-only Static Virtual Network.

In the event that the host and the guest

VMs become disconnected from the outside

world, you will still be able to communicate

through an RDP session independent of

external network connectivity.

Table 3 shows recommended minima for

System Platform configurations.

Item Cores RAM Storage

Galaxy Repository node 2-4 2-4 100/250

Historian 2-4 2-4 250/500

Application Server 2-2/4 2-4 100/100

RDS Servers 2-4/8 2-4/8 100/100

Information Servers 2-4 2-4 100/100

Historian Clients 2-2 2-4 100/100

Virtualising the ArchestrA System Platform

12 | www.protocolmag.co.za

AvailabilityLevels of Availability

When planning a virtualisation implementation—for High Availability, Disaster Recovery, Fault Tolerance, and Redundancy—it is helpful to consider

levels or degrees of redundancy and availability as shown in table 4.

Level Description Comments

Level 0

Redundancy

No redundancy built into the architecture for

safeguarding critical architectural components

Expected failover: None

Level 1

Cold stand-by redundancy

Redundancy at the Application Object level

Safeguards single points of failure at the

DAServer level or AOS redundancy.

Expected failover: 10 to 60 seconds

Level 2

High Availability (HA)

• With provision to synchronise in real-time

• Uses virtualisation techniques

• Can be 1-n levels of hot standby

• Can be geographically diverse (DR)

• Uses standard OS and non-proprietary

hardware

Expected failover: Uncontrolled 30 seconds

to 2 minutes,

Disaster Recovery: 2 - 7 minutes

Level 3

Hot redundancy

Redundancy at the application level typically

provided by Invensys controllers. For example,

hot backup of Invensys software such as Alarm

System.

Expected failover: Next cycle or single-digit

seconds

Level 4

Lock-step fault tolerance (FT)

Provides lock-step failover Expected failover: Next cycle or without loss

of data.

For ArchestrA System Platform, this would be

a Marathon-type solution, which can also be a

virtualised system.

Table 4: Degrees of redundancy and availability that should be considered

High Availability

About HA

High Availability refers to the availability of resources in a

computer system following the failure or shutdown of one or more

components of that system.

At one end of the spectrum, traditional HA has been achieved

through custom-designed and redundant hardware. This solution

produces High Availability, but has proven to be very expensive.

At the other end of the spectrum are software solutions designed

to function with off-the-shelf hardware. This type of solution

typically results in significant cost reduction and has proven to survive

single points of failure in the system.

High Availability scenarios

The basic HA architecture implementation described here consists

of an on-line system including a Hyper-V Server and a number of

virtual PCs, linked by a LAN to an offline duplicate system. The LAN

accommodates a number of networks including a plant floor network

linked to plant operations, an I/O network linked to field devices and a

replication network linked to storage.

The basic architecture shown in figure 4 permits a number of common

scenarios:

IT maintains a virtual server

• A system engineer fails over all virtual nodes hosting

ArchestrA System Platform software to back up the virtualisation

server over the LAN.

• For a distributed system, the system engineer fails over all virtual

nodes to back up the virtualisation server over a WAN.

• IT performs the required maintenance, requiring a restart of the

primary virtualisation server.

July/August 2012 | 13

Figure 4: High-Availability architecture

Virtualisation server hardware fails (Note: This scenario is a

hardware failure, not software. A program that crashes or hangs is

a failure of software within a given OS.)

• The primary virtualisation server hardware fails with a

backup virtualisation server on the same LAN.

• For a distributed system, the virtualisation server hardware fails with

a backup virtualisation server over WAN.

A network fails on a virtual server.

• Any of the primary virtualisation server network components fail with

a backup virtualisation server on the same LAN, triggering a backup

of virtual nodes to the backup virtualisation server.

• Any of the primary virtualisation server

network components fail with a backup

virtualisation server connected via WAN,

triggering a backup of virtual nodes to

the backup virtualisation server over

WAN.

For these scenarios, the following

expectations apply:

• For the maintenance scenario, all

virtual images are up and running from

the last state of execution prior to

failover.

• For the hardware and network failure

scenarios, the virtual images restart

following failover.

• For LAN operations, you should

see operational disruptions for approximately 2-15 seconds (LAN

operations assume recommended speeds and bandwidth.

• For WAN operations, you should see operational disruptions for

approximately 2 minutes (WAN operations assume recommended

speeds and bandwidth.

Note: The disruption spans described here are general

and approximate.

Availability

14 | www.protocolmag.co.za

Disaster RecoveryAbout DR

Disaster Recovery planning typically involves policies, processes, and

planning at the enterprise level, which is well outside the scope of this

article.

DR, at its most basic, is all about data protection. The most common

strategies for data protection include the following:

• Backups made to tape and sent off-site at regular intervals, typically

daily.

• For the hardware and network failure scenarios, the virtual images

restart following failover

• For the hardware and network failure scenarios, the virtual images

restart following failover

• Backups made to disk on-site, automatically copied to an off-site

disc, or made directly to an off-site disk.

• Replication of data to an off-site location, making use of storage

area network (SAN) technology. This strategy eliminates the need

to restore the data. Only the systems need to be restored or

synchronised.

• High availability systems which replicate both data and system off-

site. This strategy enables continuous access to systems and data.

The ArchestrA System Platform virtualised environment implements the

fourth strategy—building DR on an HA implementation.

Disaster Recovery scenarios

The basic DR architecture implementation described here builds on the

HA architecture by moving storage to each Hyper-V server and moving

the offline system to an off-site location.

The DR scenarios duplicate those described in “High Availability

Scenarios” above, with the variation that all failovers and backups occur

over a WAN as shown in figure 5.

Figure 5: Disaster Recovery architecture

July/August 2012 | 15

About HADR

The goal of a High Availability and Disaster Recovery (HADR) solution

is to provide a means to shift data processing and retrieval to a standby

system in the event of a primary system failure.

Typically, HA and DR are considered as individual architectures. HA and

DR combined treat these concepts as a continuum. If your system is

geographically distributed, for example, HA combined with DR

can make it both highly available and able to recover from a disaster

quickly.

Figure 6: Combined DR and HA architecture

High Availability with Disaster Recovery

HADR scenarios

The basic HADR architecture implementation described in this

guide builds on both the HA and DR architectures adding an offline

system plus storage at “Site A”. This creates a complete basic

HA implementation at “Site A” plus a DR implementation at “Site B”

when combined with distributed storage.

The scenarios and basic performance metrics described in “High

Availability Scenarios” above also apply to HADR.

High Availability with Disaster Recovery

16 | www.protocolmag.co.za

The economics of the cloudCloud computing is neither an

invention nor a discovery. It

is the natural next step in an

information delivery evolution

that started with mainframes and

which is now poised to provide

an unprecedented level of

decision support to all levels of

the enterprise because, whatever

their size, they can at last all afford

it. Information and the access to

computing resources has never

before had such a breakthrough.

Rolf Harms, Director of Corporate

Strategy and Michael Yamartino,

Manager Corporate Strategy, both

from Microsoft Corporation, explain

the economics of the cloud.

July/August 2012 | 17

Computing is undergoing a seismic shift

from client/server to the cloud, a shift similar

in importance and impact to the transition

from mainframe to client/server. Speculation

abounds on how this new era will evolve in the

coming years, and IT leaders have a critical

need for a clear vision of where the industry

is heading. We believe the best way to form

this vision is to understand the underlying

economics driving the long-term trend. In this

paper, we will assess the economics of the

cloud by using in-depth modelling. We then

use this framework to better understand the

long-term IT landscape.

1. Introduction

When cars emerged in the early 20th

century, they were initially called “horseless

carriages”. Understandably, people were

sceptical at first, and they viewed the

invention through the lens of the paradigm

that had been dominant for centuries: the

horse and carriage. The first cars also looked

very similar to the horse and carriage (just

without the horse), as engineers initially

failed to understand the new possibilities

of the new paradigm, such as building for

higher speeds, or greater safety. Incredibly,

engineers kept designing the whip holder

into the early models before realising that it

wasn‘t necessary anymore.

Initially there was a broad failure to fully

comprehend the new paradigm. Banks

claimed that, “The horse is here to stay but

the automobile is only a novelty, a fad”.

Even the early pioneers of the car didn‘t fully

grasp the potential impact their work could

have on the world. When Daimler, arguably

the inventor of the automobile, attempted

to estimate the long-term auto market

opportunity, he concluded there could never

be more than 1 million cars, because of

their high cost and the shortage of capable

chauffeurs1.

By the 1920s the number of cars had already

reached 8 million and today there are over

600 million cars – proving Daimler wrong

hundreds of times over. What the early

pioneers failed to realise was that profound

reductions in both cost and complexity of

operating cars and a dramatic increase in

its importance in daily life would overwhelm

prior constraints and bring cars to the masses.

Today, IT is going through a similar change:

the shift from client/server to the cloud.

The cloud promises not just cheaper IT, but

also faster, easier, more flexible and more

effective IT.

Just as in the early days of the car industry,

it‘s currently difficult to see where this new

paradigm will take us. The goal of this

whitepaper is to help build a framework

that allows IT leaders to plan for the cloud

transition2. We take a long-term view in

our analysis, as this is a prerequisite when

evaluating decisions and investments that

could last for decades. As a result, we focus

on the economics of the cloud rather than on

specific technologies or other driving factors

like organisational change, as economics

often provide a clearer understanding of

transformations of this nature.

In Section 2, we outline the underlying

economics of the cloud, focusing on what

makes it truly different from client/server.

In Section 3, we will assess the implications

of these economics for the future of IT. We

will discuss the positive impact cloud will

have but will also discuss the obstacles that

still exist today.

Finally, in Section 4, we will discuss what‘s

important to consider as IT leaders embark

on the journey to the cloud.

2. Economics of the cloud

Economics are a powerful force in

shaping industry transformations. Today‘s

discussions on the cloud focus a great deal

on technical complexities and adoption

hurdles. While we acknowledge that such

concerns exist and are important, historically,

underlying economics have a much stronger

impact on the direction and speed of

disruptions, as technological challenges are

resolved or overcome through the rapid

innovation we‘ve grown accustomed to

(Figure 2). During the mainframe

era, client/server was initially viewed

as a “toy” technology, not viable as a

mainframe replacement.

Yet, over time, the client/server technology

found its way into the enterprise (Figure 3).

Similarly, when virtualisation technology was

first proposed, application compatibility

concerns and potential vendor lock-in

were cited as barriers to adoption.

Yet underlying economics of 20 to 30

Figure 1: Horseless carriage syndrome

Figure 2: Cloud opportunity. Source: Microsoft

1 Source: Horseless Carriage Thinking, William Horton Consulting.

2 Cloud in this context refers to cloud computing architecture, encompassing both public and private clouds.

The economics of the cloud

18 | www.protocolmag.co.za

percent savings3 compelled CIOs to

overcome these concerns, and adoption

quickly accelerated.

The emergence of cloud services is

again fundamentally shifting the economics

of IT. Cloud technology standardises and

pools IT resources and automates man y

of the maintenance tasks done manually

today. Cloud architectures facilitate elastic

consumption, self-service, and pay-as-

you-go pricing.

Cloud also allows core IT infrastructure to

be brought into large data centres that take

advantage of significant economies of scale

in three areas:

• Supply-side savings. Large-scale data

centres (DCs) lower costs per server.

• Demand-side aggregation. Aggregating

demand for computing smoothes overall

variability, allowing server utilisation rates

to increase.

• Multi-tenancy efficiency. When changing

to a multitenant application model,

increasing the number of tenants (i.e.,

customers or users) lowers the application

management and server cost per tenant.

2.1 Supply-side economies of scale

Cloud computing combines the best

economic properties of mainframe and

3 Source: “Dataquest Insight: Many Midsize Businesses Looking Toward 100% Server Virtualisation”. Gartner, May 8, 2009.

4 Source: The Economics of Virtualisation: Moving Toward an Application-Based Cost Model, IDC, November 2009.

5 Not including app labour. Studies suggest that for low-efficiency data centres, three-year spending on power and cooling, including infrastructure, already outstrips three-year server

hardware spending.

6 Power Utilization Effectiveness equals total power delivered into a data centre divided by critical power – the power needed to actually run the servers. Thus, it measures the efficiency of

the data centre in turning electricity into computation. The best theoretical value is 1.0, with higher numbers being worse.

client/server computing.

The mainframe era

was characterised by

significant economies of

scale due to high up-front

costs of mainframes

and the need to hire

sophisticated personnel

to manage the systems.

As required computing

power – measured in

MIPS (million instructions

per second) – increased,

cost declined rapidly

at first (Figure 4), but

only large central IT organisations had the

resources and the aggregate demand to

justify the investment. Due to the high cost,

resource utilisation was prioritised over

end-user agility. Users‘ requests were put in

a queue and processed only when needed

resources were available.

With the advent of minicomputers and later

client/server technology, the minimum unit

of purchase was greatly reduced, and the

resources became easier to operate and

maintain. This modularisation significantly

lowered the entry barriers to providing IT

services, radically improving end-user agility.

However, there was a significant utilisation

trade-off, resulting in the current state of

affairs: data centres sprawling with servers

purchased for whatever need existed at the

time, but running at just 5%-10% utilisation4.

Cloud computing is not a return to the

mainframe era as is sometimes suggested,

but in fact offers users economies of scale

and efficiency that exceed those of a

mainframe, coupled with modularity and

agility beyond what client/server technology

offered, thus eliminating the trade-off.

The economies of scale emanate from the

following areas:

• Cost of power. Electricity cost is rapidly

rising to become the largest element

of total cost of ownership (TCO)5

currently representing 15%-20%. Power

Usage Effectiveness (PUE)6 tends to be

significantly lower in large facilities than in

smaller ones. While the operators of small

data centres must pay the prevailing local

rate for electricity, large providers can

pay less than one-fourth of the national

average rate by locating its data centres

in locations with inexpensive electricity

supply and through bulk purchase

Figure 3: Beginning the transition to client/server

technology. Source: “How convention shapes our

market” longitudinal survey, Shana Greenstein, 1997

Figure 4: Economies of scale (illustrative)

July/August 2012 | 19

7 Source: U.S. Energy Information Administration (July 2010) and Microsoft. While the average U.S. commercial rate is 10.15 cents per kilowatt hour, some locations offer power for as little as

2.2 cents per kilowatt hour

8 Source: James Hamilton, Microsoft Research, 2006.

9 In this paper, we talk generally about “resource” utilization. We acknowledge there are important differences among resources. For example, because storage has fewer usage spikes

compared with CPU and I/O resources, the impact of some of what we discuss here will affect storage to a smaller degree.

10 Multiple applications can run on a single server, of course, but this is not common practice. It is very challenging to move a running application from one server to another without also

moving the operating system, so running multiple applications on one operating system instance can create bottlenecks that are difficult to remedy while maintaining service, thereby limiting

agility. Virtualisation allows the application plus operating system to be moved at will.

agreements7.In addition, research has

shown that operators of multiple data

centres are able to take advantage of

geographical variability in electricity rates,

which can further reduce energy cost.

• Infrastructure labour costs. While cloud

computing significantly lowers labour

costs at any scale by automating many

repetitive management tasks, larger

facilities are able to lower them further

than smaller ones. While a single system

administrator can service approximately

140 servers in a traditional enterprise8, in a

cloud data centre the same administrator

can service thousands of servers. This

allows IT employees to focus on higher

value-add activities like building new

capabilities and working through the

long queue of user requests every IT

department contends with.

• Security and reliability. While often

cited as a potential hurdle to public cloud

adoption, increased need for security and

reliability leads to economies of scale due

to the largely fixed level of investment

required to achieve operational security

and reliability. Large commercial cloud

providers are often better able to bring

deep expertise to bear on this problem

than a typical corporate IT department,

thus actually making cloud systems more

secure and reliable.

• Buying power. Operators of large data

centres can get discounts on hardware

purchases of up to 30 percent over smaller

buyers. This is enabled by standardising

on a limited number of hardware and

software architectures. Recall that for

the majority of the mainframe era, more

than 10 different architectures coexisted.

Even client/server included nearly a

dozen UNIX variants and the Windows

Server OS, and x86 and a handful of

RISC architectures. Large-scale buying

power was difficult in this heterogeneous

environment. With cloud, infrastructure

homogeneity enables scale economies.

Going forward, there will likely be many

additional economies of scale that we

cannot yet foresee. The industry is at the

early stages of building data centres at a

scale we‘ve never seen before (Figure 5).

The massive aggregate scale of these mega

DCs will bring considerable and ongoing

R&D to bear on running them more

efficiently, and make them more efficient

for their customers. Providers of large-scale

DCs, for which running them is a primary

business goal, are likely to benefit more

from this than smaller DCs which are run

inside enterprises.

2.2 Demand-side economies of scale

The overall cost of IT is determined not

just by the cost of capacity, but also by the

degree to which the capacity is efficiently

utilised. We need to assess the impact that

demand aggregation will have on costs of

actually utilised resources (CPU, network,

and storage)9.

In the non-virtualised data centre, each

application/workload typically runs on

its own physical server10. This means the

number of servers scales linearly with the

number of server workloads. In this model,

utilisation of servers has traditionally been

Figure 6: Random variability (exchange server). Source: Microsoft)

Figure 5: Relatively recent large data centre projects. Source: Press releases

The economics of the cloud

20 | www.protocolmag.co.za

extremely low, around 5 to 10 percent11.

Virtualisation enables multiple applications

to run on a single physical server within

their optimised operating system instance,

so the primary benefit of virtualisation is

that fewer servers are needed to carry the

same number of workloads. But how will this

affect economies of scale? If all workloads

had constant utilisation, this would entail a

simple unit compression without impacting

economies of scale. In reality, however,

workloads are highly variable over time,

often demanding large amounts of resources

one minute and virtually none the next.

This opens up opportunities for utilisation

improvement via demand-side aggregation

and diversification.

We analysed the different sources of

utilisation variability and then looked at the

ability of the cloud to diversify it away and

thus reduce costs.

We distinguish five sources of variability and

assess how they might be reduced:

1. Randomness. End-user access patterns

contain a certain degree of randomness.

For example, people check their email

at different times (Figure 6). To meet

service level agreements, capacity

buffers have to be built in to account for

a certain probability that many people

will undertake particular tasks at the

same time. If servers are pooled, this

variability can be reduced.

2 Time-of-day patterns. There are daily

recurring cycles in people‘s behaviour:

consumer services tend to peak in the

evening, while workplace services tend

to peak during the workday. Capacity

has to be built to account for these

daily peaks but will go unused during

other parts of the day causing

low utilisation. This variability

can be countered by running the

same workload for multiple time

zones on the same servers (Figure

7) or by running workloads with

complementary time-of-day patterns

(for example, consumer services and

enterprise services) on the same

servers.

3. Industry-specific variability. Some

variability is driven by industry

dynamics. Retail firms see a spike

during the holiday shopping season

while U.S. tax firms will see a peak

before April 15 (Fig. 8). There are

multiple kinds of industry variability —

some recurring and predictable (such

as the tax season or the Olympic

Games), and others unpredictable

(such as major news stories).

. The common result is that capacity

has to be built for the expected peak

(plus a margin of error). Most of this

capacity will sit idle the rest of the

time. Strong diversification benefits

exist for industry variability.

4. Multi-resource variability.

Compute, storage, and input/

output (I/O) resources are generally

bought in bundles: a server contains

a certain amount of computing

power (CPU), storage, and I/O (e.g.,

networking or disk access). Some

workloads like search use a lot of

CPU but relatively little storage or

I/O, while other workloads like email

tend to use a lot of storage but little

CPU (Figure 9).

While it‘s possible to adjust capacity

by buying servers optimised for CPU or

storage, this addresses the issue only to

a limited degree because it will reduce

flexibility and may not be economical

from a capacity perspective. This

variability will lead to resources going

unutilised unless workload diversification

is employed by running workloads with

complementary resource profiles.

5. Uncertain growth patterns. The

difficulty of predicting future need for

computing resources and the long

lead-time for bringing capacity online is

another source of low utilisation (Figure

10). For start-ups, this is sometimes

referred to as the “TechCrunch effect”.

Enterprises and small businesses

all need to secure approval for IT

investments well in advance of actually

knowing their demand for infrastructure.

Even large private companies face

this challenge, with firms planning

their purchases six to twelve months

11 Source: The Economics of Virtualisation: Moving Toward an Application-Based Cost Model, IDC, November 2009.

Figure 7: Time-of-day patterns for search. Source:

Bing search volume over 24-hour period

Figure 8: Industry-specific variability. Source: Alexa

Internet

Figure 9: Multi-resource variability (illustrative).

Source: Microsoft

Figure 10: Uncertain growth patterns. Source:

Microsoft

July/August 2012 | 21

in advance (Figure 10). By diversifying

among workloads across multiple

customers, cloud providers can

reduce this variability, as higher-than-

anticipated demand for some workloads

is cancelled out by lower-than-

anticipated demand for others.

A key economic advantage of the cloud is

its ability to address variability in resource

utilisation brought on by these factors. By

pooling resources, variability is diversified

away, evening out utilisation patterns. The

larger the pool of resources, the smoother

the aggregate demand profile, the higher

the overall utilisation rate and the cheaper

and more efficiently the IT organisation can

meet its end-user demands.

We modelled the theoretical impact of

random variability of demand on server

utilisation rates as we increased the number

of servers12. Figure 11 indicates that a

theoretical pool of 1,000 servers could

be run at approximately 90% utilisation

without violating its SLA. This only holds

true in the hypothetical situation where

random variability is the only source of

variability and workloads can be migrated

between physical servers instantly without

interruption. Note that higher levels

of uptime (as defined in a service level

agreement or SLA) become much easier to

deliver as scale increases.

Clouds will be able to reduce time-of-day

variability to the extent that they are

diversified amongst geographies and

workload types. Within an

average organisation, peak IT

usage can be twice as high as

the daily average. Even in large,

multi-geography organisations,

the majority of employees and

users will live in similar time

zones, bringing their daily cycles

close to synchrony. Also, most

organisations do not tend to have

workload patterns that offset

one another: for example, the

email, network and transaction

processing activity that takes place during

business hours is not replaced by an equally

active stream of work in the middle of the

night. Pooling organisations and workloads

of different types allows these peaks and

troughs to be offset.

Industry variability results in highly

correlated peaks and troughs throughout

each firm (that is, most of the systems

in a retail firm will be at peak capacity

around the holiday season (e.g., web

servers, transaction processing, payment

processing, databases)13. Figure 12 shows

industry variability for a number of different

industries, with peaks ranging from 1,5x to

10x average usage.

Microsoft services such as Windows Live

Hotmail and Bing take advantage of

multi-resource diversification by layering

different subservices to optimise workloads

with different resource profiles (such as

CPU bound or storage bound). It is difficult

to quantify these benefits, so we have not

included multi-resource diversification in our

model.

Some uncertain growth pattern variability

can be reduced by hardware standardisation

and just-in-time procurement, although likely

not completely. Based on our modelling, the

impact of growth uncertainty for enterprises

with up to 1,000 servers is 30 to 40 percent

over-provisioning of servers relative to a

public cloud service. For smaller companies

(for example, Internet start-ups), the impact

is far greater.

So far we have made the implicit assumption

that the degree of variability will stay the

same as we move to the cloud. In reality, it

is likely that the variability will significantly

increase, which will further increase

economies of scale. There are two reasons

why this may happen:

• Higher expectation of performance.

Today, users have become accustomed

to resource constraints and have learned

to live with them. For example, users

will schedule complex calculations to

run overnight, avoid multiple model

iterations, or decide to forgo time-

consuming and costly supply chain

optimisations. The business model of

cloud allows a user to pay the same for

1 machine running for 1,000 hours as he

would for 1,000 machines running for 1

hour. Today, the user would likely wait

1,000 hours or abandon the project. In

the cloud, there is virtually no additional

cost to choosing 1,000 machines and

accelerating such processes. This will have

a dramatic impact on variability. Pixar

Animation Studios, for example runs its

computer-animation rendering process on

Windows Azure because every frame of

their movies takes eight hours to render

today on a single processor, meaning it

would take 272 years to render an entire

movie. As they said, “We are not that

patient.” With Azure, they can get the job

done as fast as they need. The result is

huge spikes in Pixar‘s usage of Azure as

they render on-demand.

• Batch processes will become real time.

Many processes — for example, accurate

stock availability for online retailers — that

were previously batch driven, will move

12 To calculate economies of scale arising from diversifying random variability, we created a Monte Carlo model to simulate data centres of various sizes serving many random workloads.

For each simulated DC, workloads (which are made to resemble hypothetical web usage patterns) were successively added until the expected availability of server resources dropped below

a given uptime of 99.9 percent or 99.99 percent. The maximum number of workloads determines the maximum utilization rate at which the DC‘s servers can operate without compromising

performance.

13 Ideally, we would use the server utilisation history of a large number of customers to gain more insight into such patterns. However, this data is difficult to get and often of poor quality. We

therefore used web traffic as a proxy for the industry variability.

Figure 11: Diversifying random variability.

Source: MicrosoftInternet

Figure 12: Industry variability. Source:

Microsoft, Alexa Internet, Inc.

The economics of the cloud

22 | www.protocolmag.co.za

to real-time. Thus, multi-stage processes

that were once sequential will now occur

simultaneously, such as a manufacturing

firm that can tally its inventory, check its

order backlog and order new supplies

at once. This will amplify utilisation

variability.

We note that even the largest public

clouds will not be able to diversify away

all variability; market level variability will

likely remain. To further smooth demand,

sophisticated pricing can be employed. For

example, similar to the electricity market

(Figure 13), customers can be given the

incentive to shift their demand from high

utilisation periods to low utilisation periods.

In addition, a lower price spurs additional

usage from customers due to price elasticity

of demand. Demand management will

further increase the economic benefits of

the cloud.

2.3 Multi-tenancy economies of scale

The previously described supply-side and

demand-side economies of scale can be

achieved independent of the application

architecture, whether it be traditional

scale-up or scale-out, single tenant or

multitenant. There is another important

source of economies of scale that can be

harnessed only if the application is written

as a multi-tenant application. That is, rather

than running an application instance

for each customer – as is done for

on-premises applications and most

hosted applications such as dedicated

instances of Microsoft Office 365 – in

a multi-tenant application, multiple

customers use a single instance of the

application simultaneously, as in the

case of shared Office 365. This has two

important economic benefits:

• Fixed application labour

amortised over a large number of

customers. In a single-tenant instance,

each customer has to pay for its own

application management (that is, the

labour associated with update and

upgrade management and incident

resolution). We‘ve examined data from

customers, as well as Office 365-D and

Office 365-S to assess the impact. In

dedicated instances, the same activities,

such as applying software patches, are

performed multiple times – once for

each instance. In a multi-tenant instance

such as Office 365-S, that cost is shared

across a large set of customers, driving

application labour costs per customer

towards zero. This can result in a

meaningful reduction in overall cost,

especially for complex applications.

• Fixed component of server

utilisation amortised over large

number of customers. For each

application instance, there is a

certain amount of server overhead.

Figure 14 shows an example from

Microsoft‘s IT department in which

intraday variability appears muted

(only a 16 percent increase between

peak and trough) compared to actual

variability in user access. This is caused

by application and runtime overhead,

which is constant throughout the day. By

moving to a multitenant model with a

single instance, this resource overhead

can be amortised across all customers.

We have examined Office 365-D, Office

365-S and Microsoft Live@edu data to

estimate this overhead, but so far it has

proven technically challenging to isolate

this effect from other variability in the

data (for example, user counts and server

utilisation) and architectural differences in

the applications. Therefore, we currently

assume no benefit from this effect in our

model.

Applications can be entirely multitenant by

being completely written to take advantage

of these benefits, or can achieve partial

multi-tenancy by leveraging shared services

provided by the cloud platform. The greater

the use of such shared services, the greater

the application will benefit from these multi-

tenancy economies of scale.

2.4 Overall impact

The combination of supply-side economies

of scale in server capacity (amortising

costs across more servers), demand-side

aggregation of workloads (reducing

variability), and the multi-tenant application

model (amortising costs across multiple

customers) leads to powerful economies of

scale. To estimate the magnitude, we built a

cost scaling model which estimates the long

term behaviour of costs.

Figure 15 shows the output for a workload

that utilises 10 percent of a traditional server.

The model indicates that a 100,000-server

data centre has an 80% lower total cost of

ownership (TCO) compared to a 1,000-server

data centre.

Figure 13: Variable electricity pricing. Source:

Ameren Illinois Utilities

Figure 14: Utilisation overhead. Source: Microsoft

Figure 15: Economies of scale in the cloud.

Source: Microsoft

Figure 16: IT spending breakdown.

Source: Microsoft

July/August 2012 | 23

This raises the question: what impact will the

Cloud Economics we described have on the

IT budget? From customer data, we know

the approximate breakdown between the

infrastructure costs, costs of supporting and

maintaining existing applications and new

application development costs (Figure 16).

The cloud impacts all three of these areas.

The supply-side and demand-side savings

impact mostly the infrastructure portion,

which comprises over half of spending.

Existing app maintenance costs include

update and patching labour, end-user

support, and license fees paid to vendors.

They account for roughly a third of spending

and are addressed by the multi-tenancy

efficiency factor.

New application development accounts for

just over a tenth of spending14, even though

it is seen as the way for IT to innovate.

Therefore IT leaders generally want to

increase spending here. The economic

benefits of cloud computing described here

will enable this by freeing up room in the

budget to do so. We will touch more on this

aspect in the next paragraph as well as in

Section 3.

2.5 Harnessing cloud economics

Capturing the benefits described above

is not a straightforward task with today‘s

technology. Just as engineers had to

fundamentally rethink design in the early

days of the car, so too will developers have

to rethink design of applications. Multi-

tenancy and demand-side aggregation

is often difficult for developers or even

sophisticated IT departments to implement

on their own. If not done correctly, it could

end up either significantly raising the costs

of developing applications (thus at least

partially nullifying the increased budget

room for new app development); or

capturing only a small subset of the savings

previously described. The best approach in

harnessing the cloud economics is different

for packaged applications vs. new/custom

applications.

Packaged applications: While virtualising

packaged applications and moving them

to cloud virtual machines (e.g., virtualised

Exchange) can generate some savings, this

solution is far from ideal and fails to capture

the full benefits outlined in this section. The

cause is twofold. First, applications designed

to be run on a single server will not easily

scale up and down without significant

additional programming to add load-

balancing, automatic failover, redundancy

and active resource management. This

limits the extent to which they are able to

aggregate demand and increase server

utilisation. Second, traditional packaged

applications are not written for multi-tenancy

and simply hosting them in the cloud does

not change this. For packaged applications,

the best way to harness the benefits of cloud

is to use SaaS offerings like Office365, which

have been structured for scale-out and

multi-tenancy to capture the full benefits.

New/custom applications: Infrastructure-

as-a-Service (IaaS) can help capture some

of the economic benefits for existing

applications. Doing so is, however, a bit of a

“horseless carriage” in that the underlying

platform and tools were not designed

specifically for the cloud. The full advantage

of cloud computing can only be properly

unlocked through a significant investment

in intelligent resource management. The

resource manager must understand both the

status of the resources (networking, storage,

and compute) as well as the activity of the

applications being run. Therefore, when

writing new apps, Platform as a Service most

effectively captures the economic benefits.

PaaS offers shared services, advanced

management and automation features

that allow developers to focus directly on

application logic rather than on engineering

their application to scale.

To illustrate the impact, a start-up named

Animoto used Infrastructure-as-a-Service

(IaaS) to enable scaling – adding over 3,500

servers to their capacity in just 3 days as

they served over three-quarters of a million

new users. Examining their application later,

however, the Animoto team discovered that

a large percentage of the resources they

were paying for were often sitting idle –

often over 50%, even in a supposedly elastic

cloud. They restructured their application

and eventually lowered operating costs by

20%. While Animoto is a cloud success story,

it was only after an investment in intelligent

resource management that they were able to

harness the full benefits of the cloud. PaaS

would have delivered many of these benefits

“out-of-the-box” without any additional

tweaking required.

3. Implications

In this Section, we will discuss the

implications of the previously described

economics of cloud. We will discuss the

ability of private clouds to address some of

the barriers to cloud adoption and assess

the cost gap between public and private

clouds.

3.1 Possibilities and obstacles

The economics we described in section 2 Figure 17: Capturing cloud benefits. Source: Microsoft

14 New application development costs include only the cost of designing and writing the application and excluding the cost of hosting them on new infrastructure. Adding these costs results

in the 80% / 20% split seen elsewhere.

The economics of the cloud

24 | www.protocolmag.co.za

will have a profound impact on IT. Many IT

leaders today are faced with the problem

that 80% of the budget is spent on “keeping

the lights on” and maintaining existing

services and infrastructure. This leaves

few resources available for innovation or

addressing the never-ending queue of

new business and user requests. Cloud

computing will free up significant resources

that can be redirected to innovation.

Demand for general purpose technologies

like IT has historically proven to be very price

elastic (Figure 18). Thus, many IT projects

that previously were cost-prohibitive will now

become viable thanks to cloud economics.

However, lower TCO is only one of the key

drivers that will lead to a renewed level of

innovation within IT:

• Elasticity is a game-changer because,

as described before, renting 1 machine

for 1,000 hours will be nearly equivalent

to renting 1,000 machines for 1 hour in

the cloud. This will enable users and

organisations to rapidly accomplish

complex tasks that were previously

prohibited by cost or time constraints.

Being able to both scale up and scale

down resource intensity nearly instantly

enables a new class of experimentation

and entrepreneurship.

• Elimination of capital expenditure

will significantly lower the risk

premium of projects, allowing for more

experimentation. This both lowers

the costs of starting an operation and

lowers the cost of failure or exit – if an

application no longer needs certain

resources, they can be decommissioned

with no further expense or write-off.

• Self-service Provisioning servers

through a simple web portal rather than

through a complex IT procurement

and approval chain can lower friction

in the consumption model, enabling

rapid provisioning and integration of

new services. Such a system also allows

projects to be completed in less time

with less risk and lower administrative

overhead than previously.

• Reduction of complexity. Complexity

has been a long standing inhibitor

of IT innovation. From an end-user

perspective SaaS is setting a new bar for

user friendly software. From a developer

perspective Platform as a Service (PaaS)

greatly simplifies the process of writing

new applications, in the same way as

cars greatly reduced the complexity

of transportation by eliminating, for

example, the need to care for a horse.

These factors will significantly increase

the value add delivered by IT. Elasticity

enables applications like yield management,

complex event processing, logistics

optimisation, and Monte Carlo simulation,

as these workloads exhibit nearly infinite

demand for IT resources. The result will be

massively improved experience, including

scenarios like real-time business intelligence

analytics and HPC for the masses.

However, many surveys show that significant

concerns currently exist around cloud

computing. As Figure 19 shows, security,

privacy, maturity, and compliance are

the top concerns. Many CIOs also worry

about legacy compatibility: it is often

not straightforward to move existing

applications to the cloud.

• Security and Privacy CIOs must

be able to report to their CEO and

other executives how the company‘s

data is being kept private and secure.

Financially and strategically important

data and processes often are protected

by complex security requirements.

Legacy systems have typically been

highly customised to achieve these goals,

and moving to a cloud architecture can

be challenging. Furthermore, experience

with the built-in, standardised security

capabilities of cloud is still limited and

many CIOs still feel more confident with

legacy systems in this regard.

• Maturity and Performance – The cloud

requires CIOs to trust others to provide

reliable and highly available services.

Unlike on-premises outages, cloud

outages are often highly visible and may

increase concerns

• Compliance and Data Sovereignty –

Enterprises are subject to audits and

oversight, both internal and external (e.g.

IRS, SEC). Companies in many countries

have data sovereignty requirements that

severely restrict where they can host

data services. CIOs ask: which clouds

can comply with these systems and

what needs to be done to make them

compliant?

While many of these concerns can be

addressed by the cloud today, concerns

remain and are prompting IT leaders to

explore private clouds as a way of achieving

the benefits of cloud while solving these

problems. Next, we will explore this in more

detail and also assess the potential tradeoffs.

3.3 Private clouds

Microsoft distinguishes between public

and private clouds based on whether the IT

resources are shared between many distinct

organisations (public cloud) or dedicated

to a single organisation (private cloud).

This taxonomy is illustrated in Figure 20.

Compared to traditional virtualised data

centres, both private and public clouds

benefit from automated management (to

save on repetitive labour) and homogenous

hardware (for lower cost and increased

flexibility). Due to the broadly-shared nature

of public clouds, a key difference between

private and public clouds is the scale and

scope at which they can pool demand.

• Traditional virtualised data centres

generally allow pooling of resources

within existing organisational

boundaries — that is, the corporate IT

group virtualises its workloads, while

departments may or may not do the

Figure 18: Price elasticity of storage. Source:

Coughlin Associates

Figure 19: Public cloud concerns.

Source: Gartner CIO survey

July/August 2012 | 25

same. This can diversify away some of

the random, time-of-day (especially if

the company has offices globally), and

workload-specific variability, but the size

of the pool and the difficulty in moving

loads from one virtual machine to another

(exacerbated by the lack of homogeneity

in hardware configurations) limits the

ability to capture the full benefits. This is

one of the reasons why even virtualised

data centres still suffer from low utilisation.

There is no application model change so

the complexity of building applications is

not reduced.

• Private clouds move beyond

virtualisation. Resources are now pooled

across the company rather than by

organisational unit15 and workloads are

moved seamlessly between physical

servers to ensure optimal efficiency and

availability. This further reduces the impact

of random, time-of-day and workload

variability. In addition, new, cloud-

optimised application models (Platform

as a Service such as Azure) enable more

efficient application development and

lower ongoing operations costs.

• Public clouds have all the same

architectural elements as private clouds,

but bring massively higher scale to

bear on all sources of variability. Public

clouds are also the only way to diversify

away industry-specific variability, the

full geographic element of time-of-day

variability and bring multi-tenancy

benefits into effect.

Private clouds can address some of the

previously-mentioned adoption concerns. By

having dedicated hardware, they are easier

to bring within the corporate firewall, which

may ease concerns around security and

privacy. Bringing a private cloud on-premise

can make it easier to address some of the

regulatory, compliance and sovereignty

concerns that can arise with services that

cross jurisdictional boundaries. In cases

where these concerns weigh heavily in an IT

leader‘s decision, an investment in a private

cloud may be the best option.

Private clouds do not really differ from public

cloud regarding other concerns, such as

maturity and performance. Public and

private cloud technologies are developing

in tandem and will mature together. A

variety of performance levels will be

available in both public and private form,

so there is little reason to expect

that one will have an advantage over

another16. While private clouds can

alleviate some of the concerns, in

the next paragraph we will discuss

whether they will offer the same kind

of savings described earlier.

3.4 Cost trade-off

While it should be clear from the prior

discussion that conceptually the public

cloud has the greatest ability to capture

diversification benefits, we need to get a

better sense of the magnitude. Figure 21

shows that while the public cloud addresses

all sources of variability the private cloud can

address only a subset.

For example, industry variability cannot be

addressed by a private cloud, while growth

variability can be addressed only to a limited

degree if an organisation pools all its internal

resources in a private cloud. We modelled

all of these factors, and the output is shown

in Figure 22.

The lower curve shows the cost for a public

cloud (same as the curve shown in Figure

15). The upper curve shows the cost of a

private cloud. The public cloud curve is

lower at every scale due to the greater

impact of demand aggregation and the

multi-tenancy effect. Global scale public

clouds are likely to become extremely

large, at least 100,000 servers in size, or

possibly much larger, whereas the size of an

organisation‘s private cloud will depend on

its demand and budget for IT.

Figure 22 also shows that for organisations

with a very small installed base of servers

(<100), private clouds are prohibitively

expensive compared to public cloud. The

only way for these small organisations or

departments to share in the benefits of at

scale cloud computing is by moving to a

public cloud.

Figure 20: Comparing virtualisation, private cloud and public cloud. Source: Microsoft

Figure 21: Diversification benefits. Source: Microsoft

15 Aggregation across organisational units is enabled by two key technologies: live migration, which moves virtual machines while remaining operational, thereby enabling more dynamic

optimization; and self-service provisioning and billing.

16 Private clouds do allow for a greater degree of customization than public clouds, which could enhance performance for a certain computational task. Customization requires R&D effort

and expense, however, so it is difficult to make a direct price/performance comparison.

Figure 22: Cost benefit of public cloud. Source:

Microsoft

The economics of the cloud

26 | www.protocolmag.co.za

For large agencies with an installed base

of approximately 1,000 servers, private

clouds are feasible but come with a

significant cost premium of about 10

times the cost of a public cloud for the

same unit of service, due to the combined

effect of scale, demand diversification and

multi-tenancy.

In addition to the increase in TCO, private

clouds also require upfront investment

to deploy – an investment that must

accommodate peak demand requirements.

This involves separate budgeting and

commitment, increasing risk. Public clouds,

on the other hand, can generally be

provisioned entirely on a pay-as-you-go

basis.

3.5 Finding balance today: weighing the benefits of private cloud against the costs

We‘ve mapped a view of how public and

private clouds measure up in Figure 23.

The vertical axis measures the public cloud

cost advantage. From the prior analysis we

know public cloud has inherent economic

advantages that will partially depend on

customer size, so the bubbles‘ vertical

position is dependent on the size of the

server installed base. The horizontal axis

represents the organisation‘s preference for

private cloud. The size of the circles reflects

the total server installed base of companies

of each type. The bottom-right quadrant

thus represents the most attractive areas for

private clouds (relatively low cost premium,

high preference).

We acknowledge that Figure 23 provides

a simplified view. IT for is not monolithic

within any of these industry segments. Each

organisation‘s IT operation is segmented

into workload types, such as email or

ERP. Each of these has a different level of

sensitivity and scale, and CIO surveys reveal

that preference for public cloud solutions

currently varies greatly across workloads

(Figure 24).

An additional factor is that many application

portfolios have been developed over the

past 15-30 years and are tightly woven

together. This particularly holds true for

ERP and related custom applications at

larger companies who have more sizable

application portfolios. Applications that are

more “isolated “such as CRM, collaboration,

or new custom applications may be more

easily deployed in the cloud. Some of those

applications may need to be integrated back

to current on-premises applications.

Before we draw final conclusions, we need to

make sure we avoid the “horseless carriage

syndrome” and consider the likely shift

along the two axes (economics and private

preference).

3.6 The long view: cloud transition over time

As we pointed out in the introduction of this

paper, it is dangerous to make decisions

during the early stages of a disruption

without a clear vision of the end state. IT

leaders need to design their architecture

with a long term vision in mind. We therefore

need to consider how the long term forces

will impact the position of the bubbles on

Figure 23. We expect two important shifts to

take place. First, the economic benefit of

public cloud will grow over time. As more

and more work is done on public clouds, the

economies of scale we described in Section

2 will kick in and the cost premium on private

clouds will increase over time. Customers

will increasingly be able to tap into the

supply-side, demand-side and multi-tenancy

savings as discussed previously. As shown in

Figure 25, this leads to an upward shift along

the vertical axis.

At the same time, some of the barriers to

cloud adoption will begin to fall. Many

technology case studies show that, over

time, concerns over issues like compatibility,

security, reliability and privacy will be

addressed. This will likely also happen for

the cloud, which would represent a shift to

the left on Figure 25. Below we will explore

some of the factors that cause this latter

shift.

Cloud security will evolve

Public clouds are in a relatively early stage

of development, so naturally critical areas

like reliability and security will continue to

improve. Data already suggests that public

cloud e-mail is more reliable than most

on-premises implementations. In PaaS, the

Figure 23: Cost and benefit of private clouds.

Source: Microsoft

Figure 24: Cloud-ready workloads (2010). Source: Microsoft survey question: In the next 24-24

months, please indicate if a cloud offering would augment on-premise offering or completely

replace it.

July/August 2012 | 27

automatic patching and updating of cloud

systems greatly improves the security of all

data and applications, as the majority of

exploited vulnerabilities take advantage of

systems that are out-of-date. Many security

experts argue that there are no fundamental

reasons why public clouds would be less

secure; in fact, they are likely to become

more secure than on premises due to the

intense scrutiny providers must place on

security and the deep level of expertise they

are developing.

Clouds will become more compliant

Compliance requirements can come

from within an organisational, industry,

or government (e.g., European Data

Protection Directive) and may currently be

challenging to achieve with cloud without

a robust development platform designed

for enterprise needs. As cloud technologies

improve and as compliance requirements

adapt to accommodate cloud architectures,

the cloud will continue to become more

compliant and therefore feasible for more

organisations and workloads. This was the

case, for example, with e-signatures, which

were not accepted for many contracts and

documents in the early days of the Internet.

As authentication and encryption technology

improved and as compliance requirements

changed, e-signatures became more

acceptable. Today, most contracts (including

those for opening bank accounts and taking

out loans) can be signed with an e-signature.

The large group of customers who are

rapidly increasing reliance on public

clouds—small and medium businesses

(SMBs) and consumers of Software as

a Service (SaaS)—will be a formidable

force of change in this area. This

growing constituency will continue to ask

governments to accommodate the shift

to cloud by modernising legislation. This

regulatory evolution will make the public

cloud a more viable alternative for large

enterprises and thus move segments

along the horizontal axis toward public

cloud preference.

Decentralised IT (also known as ‘rogue

IT’) will continue to lead the charge

Many prior technology transitions were

led not by CIOs but by departments,

business decision makers, developers, and

end users – often in spite of the objections

of CIOs. For example, both PCs and servers

were initially adopted by end users and

departments before they were officially

embraced by corporate IT policies. More

recently, we saw this with the adoption of

mobile phones, where consumer adoption

is driving IT to support these devices.

We‘re seeing a similar pattern in the cloud:

developers and departments have started

using cloud services, often without the

knowledge of the IT group (hence the

name “rogue clouds”). Many business users

will not wait for their IT group to provide

17 http://open.blogs.nytimes.com/2007/11/01/self-service-prorated-super-computing-fun/

Figure 25: Expected preference shift for public and

private cloud. Source: Microsoft

Figure 26: Increasing adoption of software as a service (SaaS). Source: Gartner

them with a private cloud; for these users,

productivity and convenience often trump

policy.

It is not just impatience that drives “rogue

clouds”; ever-increasing budgetary

constraints can lead users and even

departments to adopt cheaper public cloud

solutions that would not be affordable from

traditional channels. For example, when

Derek Gottfrid wanted to process all 4TB of

the New York Times archives and host them

online, he went to the cloud without the

knowledge of the Times‘ IT department17.

Similarly, the unprecedented pricing

transparency that the public cloud offers, will

put further pressure from the CEO and CFO

on CIOs to move to the public cloud.

CIOs should acknowledge that these

behaviours are commonplace early in

a disruption and either rapidly develop

and implement a private cloud with the

same capabilities or adopt policies which

incorporate some of this behaviour, where

appropriate, in IT standards.

Perceptions are rapidly changing

Strength in SaaS adoption in large

enterprises serves as proof of changing

perceptions (Figure 26) and indicates that

even large, demanding enterprises are

The economics of the cloud

28 | www.protocolmag.co.za

moving to the left on the horizontal axis (i.e.,

reduced private preference). Just a few years

ago, very few large companies were willing

to shift their e-mail, with all the confidential

data that it contains, to a cloud model. Yet

this is exactly what is happening today.

As positive-use cases continue to spur more

interest in cloud technology, this virtuous

cycle will accelerate, driving greater interest

in and acceptance of the cloud.

In summary, while there are real hurdles

to cloud adoption today, these will likely

diminish over time. While new, unforeseen

hurdles to public cloud adoption may

appear, the public cloud economic

advantage will grow stronger with time

as cloud providers unlock the benefits of

economics we discussed in Section 2. While

the desire for a private cloud is mostly driven

by security and compliance concerns around

existing workloads, the cost effectiveness

and agility of the public cloud will enable

new workloads.

Revisiting our “horseless carriage”

analogy, we see that cars became a huge

success not simply because they were

faster and better (and eventually more

affordable) than horse-drawn carriages.

The entire transportation ecosystem had to

change. Highway systems, driver training

programmes, accurate maps and signage,

targeted safety regulation and a worldwide

network of fuelling infrastructure all had

to be developed to enable this transition.

Each successive development improved the

value proposition of the car. In the end, even

people‘s living habits changed around the

automobile, resulting in the explosion of

the suburbs in the middle part of the 20th

century. This created “net new” demand

for cars by giving rise to the commuting

professional class. This behavioural change

represented a massive positive feedback

loop that inexorably made the automobile

an essential, irreplaceable component of

modern life.

Similarly, we believe the cloud will be enabled

and driven not just by economics and

qualitative developments in technology and

perception, but by a series of shifts from IT

professionals, regulators, telecom operators,

ISVs, systems integrators and cloud platform

providers. As the cloud is embraced more

thoroughly, its value will increase.

4. The journey to the cloud

Because we are in the early days of the cloud

paradigm shift, there is much confusion

about the direction of this ongoing

transformation. In this paper, we looked

beyond the current technology and focused

on the underlying economics of cloud to

define the destination – where all of this

disruption and innovation is leading our

industry. Based on our analysis, we see a

long-term shift to cloud driven by three

important economies of scale:

• Larger data centres can deploy

computational resources at significantly

lower cost than smaller ones;

• Demand pooling improves the utilisation

of these resources, especially in public

clouds; and

• Multi-tenancy lowers application

maintenance labour costs for large

public clouds. Finally, the cloud offers

unparalleled levels of elasticity and agility

that will enable exciting new solutions and

applications.

For businesses of all sizes, the cloud

represents tremendous opportunity. It

represents an opportunity to break out of

the longstanding tradition of IT professionals

spending 80 percent of their time and

budget “keeping the lights on”, with few

resources left to focus on innovation. Cloud

services will enable IT groups to focus

more on innovation while leaving non-

differentiating activities to reliable and

cost-effective providers. Cloud services

will enable IT leaders to offer new solutions

that were previously seen as either cost

prohibitive or too difficult to implement. This

is especially true of cloud platforms (Platform

as a Service), which significantly reduce

the time and complexity of building new

applications that take advantage of all the

benefits of the cloud.

This future won‘t materialise overnight.

IT leaders need to develop a new 5- to

10-year vision of the future, recognising

that they and their organisations will play a

fundamentally new role in their company.

They need to plot a path that connects

where they are today to that future. An

important first step in this is to segment

their portfolio of existing applications

(Figure 27). For some applications, the

economic and agility benefits may be very

strong so they should be migrated quickly.

However, barriers do exist today and while

we outlined in section 3 that many of them

will be overcome over time, the cloud may

not be ready for some applications today.

For tightly-integrated applications with

fairly stable usage patterns, it may not make

sense to move them at all, similar to how

Figure 27: Segmenting the IT portfolio. Source: Microsoft

July/August 2012 | 29

some mainframe applications were never

migrated to client/server. While new custom

applications don‘t have the legacy problem,

designing them in a scalable, robust fashion

is not always an easy task. Cloud-optimised

platforms (Platform as a Service) can

dramatically simplify this task.

This transition is a delicate balancing act.

If the IT organisation moves too quickly in

areas where the cloud is not ready, it can

compromise business continuity, security

and compliance. If it moves too slowly, it can

put the company at a significant competitive

disadvantage versus competitors who do

take full advantage of cloud capabilities,

giving up a cost, agility, or value advantage.

Moving too slowly also increases the risk

that different groups or individuals within the

company will each adopt their own cloud

solution in a fragmented and uncontrolled

fashion (“rogue IT”), wresting control over IT

from the CIO. IT leaders who stay ahead of

the cloud trend will be able to control and

shape this transition; those who lag behind

will increasingly lose control.

To lead the transition, IT leaders need to

think about the long term architecture of

their IT. Some see a new role emerging,

that of a Cloud Services Architect, who

determines which applications and services

move to the cloud and exactly when such

a move takes place based on a business

case and a detailed understanding of the

cloud capabilities available. This should start

by taking inventory of the organisation’s

resources and policies. This includes an

application and data classification exercise

to determine which policy or performance

requirements (such as confidential or top

secret data retention requirements) apply

to which applications and data. Based on

this, IT leaders can determine what parts

of their IT operation are suitable for public

cloud and what might justify an investment

in private cloud. Beginning in this manner

takes advantage of the opportunity of cloud

while striking balance between economics

and security, performance and risk.

To accomplish this, IT leaders need a partner

who is firmly committed to the long-term

vision of the cloud and its opportunities,

one who is not hanging on to legacy IT

architectures. At the same time, this partner

needs to be firmly rooted in the realities

of today‘s IT so it understands current

challenges and how to best navigate the

journey to the cloud. IT leaders need a

partner who is neither incentivised to push

for change faster than is responsible nor to

keep IT the same. Customers need a partner

who has done the hard work of figuring out

how best to marry legacy IT with the cloud,

rather than placing that burden on the

customer by ignoring the complexities of

this transformation.

At Microsoft, we are “all in” on the cloud. We

provide both commercial SaaS (Office 365)

and a cloud computing platform (Windows

Azure Platform). Office 365 features the

applications customers are familiar with like

Exchange email and SharePoint collaboration,

delivered through Microsoft‘s cloud. Windows

Azure is our cloud computing platform,

which enables customers to build their own

applications and IT operations in a secure,

scalable way in the cloud. Writing scalable

and robust cloud applications is no easy

feat, so we built Windows Azure to harness

Microsoft‘s expertise in building our cloud-

optimised applications like Office 365, Bing,

and Windows Live Hotmail. Rather than just

moving virtual machines to the cloud, we build

a Platform as a Service that reduces complexity

for developers and IT administrators.

Microsoft also brings to the cloud the richest

partner community in the world. We have

over 600,000 partners in more than 200

countries servicing millions of businesses. We

are already collaborating with thousands of

our partners on the cloud transition. Together

we are building the most secure, reliable,

scalable, available, cloud in the world.

Over the last three decades, Microsoft

has developed strong relationships with

IT organisations, their partners and their

advisors. This offers us an unparalleled

understanding of the challenges faced by

today‘s IT organisations. Microsoft is both

committed to the cloud vision and has the

experience to help IT leaders on the journey.

Microsoft has a long history of bringing to

life powerful visions of the future. Bill Gates

founded Microsoft on the vision of putting

a PC in every home and on every desktop

in an era when only the largest corporations

could afford computers. In the journey

that followed, Microsoft and our partners

helped bring PCs to over one billion homes

and desktops. Millions of developers and

businesses make their living on PCs and we

are fortunate to play a role in that.

Now, we have a vision of bringing the power

of cloud computing to every home, every

office and every mobile device. The powerful

economics of the cloud drive all of us towards

this vision. Join Microsoft and our partners on

the journey to bring this vision to life.

The economics of the cloud

30 | www.protocolmag.co.za

Gerhard Greeff – Divisional Manager at Bytes Process Management and Control

The cloud ... here to stay or fading drizzle?

Will the cloud work for manufacturing? Will

plants accept cloud-based applications? Is

the cloud just a vendor-driven fad?

Introduction

Recent technology developments have been

focused more on collaboration, optimisation,

consolidation, doing more with less, treating

the cloud and IT services as utilities, etc.

Within manufacturers’ organisations, there

has been a profound move by business,

the true owners of applications, to take

back ownership of the business while the

IT department is tasked with providing

an infrastructure that can deliver or make

available these applications securely,

anywhere and on any device.

This trend is quite evident in employees

bringing in their own devices to the offi ce

and demanding to have their enterprise

applications available on them. Employees

and departments are becoming increasingly

self-suffi cient in meeting their own IT needs.

Products and applications have become

easier to use and technology offerings

are addressing an ever-widening range

of business requirements in areas such

as video-conferencing, digital imaging,

employee collaboration, sales force support

and systems back-up, to mention but a few.

Considering the global economic

environment, the business ability made

possible by technology and the above-

mentioned changing consumption of

technology trends, organisations today

have an increasing challenge to maintain

the existing whilst driving innovation to

continuously improve business effi ciency and

profi tability.

Cloud infrastructure concerns

One of the more recent hypes punters

are promoting is cloud services, but is this

technology a real contributor or simply

another vendor-driven fad? Certainly, there

may be success stories in some industries.

But do they really win or are they just

Guinea pigs. I believe only time will tell. The

manufacturing industry is holding out, but at

the 2011 MESA Conference, the theme was

around cloud technology. This indicates that

even within manufacturing, there is at least

some interest.

“What value can this technology bring

to manufacturing?” is the predominant

question manufacturing technologists ask

themselves. The cloud, by nature, is virtual

and not tied to any specifi c hardware or site.

For manufacturing plants specifi cally, this

sounds uncertain and non-secure. Certainly

at Supply Chain and Enterprise level, the

cloud could add value as these systems

do not need to be on-line 24/7/365. But to

what degree can manufacturing plants trust

technology that absolutely, positively has

to deliver all the time. What will happen if

the technology fails to deliver? In the case

of manufacturing plants, at best it will mean

that production stops, at worst someone

may die.

In addition, there are security considerations

at plant level to take into account. How

secure is the cloud infrastructure and does

it suit manufacturing needs? I believe that

adequate security can be applied at cloud

level, but this is normally IT-level security

with levels of encryption that may slow

down the data transfer rates, something true

manufacturing facilities can ill afford. A few

seconds or milliseconds at SCM or ERP level

are acceptable, but makes a huge difference

at a real-time level on the plant fl oor.

Security may thus be a major inhibitor that

may constrain acceptance at plant level.

In South Africa, as with many other countries

on the continent, bandwidth is restricted,

unreliable and prone to failure. the cloud

in its purest form therefore needs to

be considered very carefully in terms of

July/August 2012 | 31

reliability and bandwidth needs. If, for

instance, the Manufacturing Operations

Management (MOM) system is on the cloud,

what would happen at plant level when

the communication fails? So bandwidth

reliability (or lack thereof) is another

constraint on acceptance.

With regards to the application technology

available within manufacturing operations,

I have some concerns as well. I am not sure

how ready MOM technologies are for the

cloud, specifically with regards to host server

(firmware) or VMWare upgrades, patches

and technology upgrades, re-establishing

OPC connectivity, not to mention virus and

other security updates. For some of these,

a hardware re-boot is often required. How

would one go about re-booting a server

running somewhere in the cloud in a virtual

environment sharing hardware with other

applications owned by other companies?

This would not be easy to accomplish and

at best would take hours instead of minutes.

At plant level, where time equates to

production, getting systems up-and-running

fast is the key and delays in achieving this

means loss of production or at least the

missing of a critical plant event or loss of

production data.

Manufacturing solution providers are also

more frequently releasing applications

that run on personal devices such as

smart phones and tablets. Some of these

applications are specifically structured to live

in the cloud. Most of these are only required

to deliver Key Performance Indicators or

critical event information to executives and

not to actually deliver execution ability.

Some manufacturers have expressed

concerns about the mechanisms of data

delivery to these devices and the security of

the data.

In light of the above concerns, it should be

clear why the cloud is not as yet generally

accepted at plant level. Does this mean

that manufacturing facilities should discard

the cloud as “pie in the sky”? My belief

is that they can only do this at their own

peril. There is much to learn from cloud

infrastructure that can be applied to the

benefit of manufacturing plants.

On-site architecture

The concepts of “private cloud”, “on-site

cloud” or “virtualisation” comes to mind.

Virtualising the plant manufacturing

applications from a redundancy and

reliability perspective can bring about great

peace of mind for plant IT people. Having

the infrastructure on-site will alleviate the

fears of outside intrusion and remove the

constraint of unreliable bandwidth.

With a good virtualisation strategy and

infrastructure, manufacturing plants can

save capital and add manufacturing value

About Bytes Process Management and Control (PMC)

PMC delivers an integrated solution

strategy and implementation

practice designed to help

organisations leverage their installed

IT environment and enable them to

increase the ROI from their overall

solution investment.

PMC is a division of BYTES Systems

Integration and operates primarily in

the Manufacturing IT sector. PMC is

highly regarded for its achievements

in implementing integrated MES,

MIS, EMI, SCADA and other plant

automation solutions.

PMC boasts an impressive 15-year

track record of successful consulting

and solution implementations. PMC

specialises in assisting its customers

to achieve operational excellence

by combining their experience in

industrial processes and information

technology to deliver value-adding

solutions. These solutions include all

levels of industrial IT such as:

• Manufacturing application needs

analysis and strategy formulation,

• Enterprise Manufacturing

Intelligence (EMI) solutions,

• Manufacturing Execution Systems

(MES),

• Process monitoring and control

systems (SCADA/PLC),

• Equipment anomaly detection and

failure prediction/online condition

monitoring (OCM), as well as

• Integrating these multi-level

industrial information systems into

the ERP

Figure 1: Manufacturing 2.0 architecture

in the long term. With on-site infrastructure,

plants will have more freedom to control

their own applications and will be more

secure in the knowledge that they own their

hardware and software. The same applies to

The cloud ... here to stay or fading drizzle?

32 | www.protocolmag.co.za

manufacturing enterprises that are reluctant

to hand the control of their applications and

infrastructure to some vendor that lives in

the cloud somewhere.

When one looks at Manufacturing 2.0

architecture for larger enterprises, the cloud

and virtualisation fit right into the basic

concepts. On-site cloud infrastructure can

deliver on most of the MOM requirements

(such as MOM, LIMS and WMS) at plant

level in a virtualised environment. It can

deliver the role-based user interaction,

Operations Process Management,

Enterprise Manufacturing Intelligence as

well as the basic application services and

development administration management.

It will also provide the infrastructure that

enables the Manufacturing Service Bus and

manufacturing Master Data Management.

Global cloud infrastructure can deliver the

same concepts at Enterprise level for SCM,

CRM and ERP applications.

Small manufacturing concerns

When we look at smaller manufacturing

concerns, cloud applications and

infrastructure as well as Software as a Service

(IaaS and SaaS) may be valid business

models to access advanced functionality

that are too expensive by other means. It

does depend on the specific needs of the

manufacturing facility of course, as even for

small operations real-time MOM connectivity

may still be required. But as a strategy it

may be something to consider for smaller

operations.

Conclusion

Cloud infrastructure may not be well

accepted by the more conservative

manufacturing concerns at this time. The

technology has not proven itself to the

degree accepted by the manufacturing

industry but it may just be a question of

time before it does. The cloud also fits in

with other concepts being implemented

by manufacturing enterprises such as

Manufacturing 2.0, so it may just be a

question of time before it is adopted.

For more information, contact :

Gerhard Greeff,

Divisional Manager: Bytes PMC

Cell : (+27) 82-654-0290

Mailto: gerhard.greeff@bytes.co.za

July/August 2012 | 33

An African cloudThanks to access to the latest international

fibre technology and South African know-

how, Africa could rapidly become one of

the most connected continents in the world

while making cloud computing a reality at

the local and international levels.

“There are many challenges in building

data centres around the African continent,”

says Lex van Wyk, MD Teraco Data

Environments, “…but with the rapid growth

in IT requirements, Africa needs a solution to

keep up with the demand. With the recent

growth in fibre capacity along the east

and west coasts, Teraco has identified the

opportunity to offer the ideal data centre

environment to service providers wanting to

provide IT solutions into the local and other

African markets further afield.”

Along with current benefits like free peering,

cost effective interconnects, access to all

major carriers, resilient power, remote

support and high levels of security, Teraco

is the ideal space for the cloud to be

established in Africa. “Our facilities in South

Africa already boast connectivity to all the

undersea cables offering a combined 28

landing points along the East and West

coasts of the continent, as well as all major

carriers operating in SA and several active

cloud providers. This in effect means

the Africa Cloud eXchange is already in

operation,” says van Wyk.

NAPAfrica, was launched in March 2012

providing an open, free and public peering

facility with the aim of making peering

simple and available to everyone. Van Wyk

says that the Africa Cloud eXchange concept

is no different. “We want to provide a highly

secure data centre environment with easy

access to global connectivity providers,”

says van Wyk.

Richard Vester, Director of Cloud Services

at EOH says, “Teraco provides a world-class

data centre facility which meets our unique

SLA requirements and more importantly

allows for our customers to connect from

any network onto their private clouds. The

ability to deliver services on demand across

Teraco’s data centre ensures we meet the

operational requirements of our customers.”

Teraco is the first premier grade data centre

environment in Africa to provide access to a

vendor-neutral colocation space for sharing

and selling cloud services. “The Africa Cloud

eXchange allows South African and African

cloud providers to host their platforms

and offer services from a vendor-neutral,

well connected and highly secure data

centre environment thereby opening up

South Africa to the rest of the continent,”

concludes van Wyk.

For more information,

visit www.teraco.co.za

An African cloud

34 | www.protocolmag.co.za

The role of virtual reality in the process industryVirtual reality has been with us for decades with probably its most impressive manifestation

in flight simulators. If you’ve ever been in one, the experience is so real that after a while,

it’s hard to believe that you’re in an artificial environment. In fact, commercial pilots must

train regularly on simulators to retain their licences.

This technology is now being applied to the industrial environment to familiarise personnel

with aspects of operations, maintenance and safety that would otherwise be costly,

impractical or even dangerous.

Maurizio Rovaglio, Vice President, Solutions Services, Invensys and Tobias Scheele, Vice

President/ General Manager Advanced Applications, Invensys, explain the applications and

benefits of virtual reality in industry.

July/August 2012 | 35

Introduction

Until recently, the use of virtual reality (VR)

had been limited by systems constraints.

Real-time rendering of equipment views

places extreme demands on processor

time and the invariable need for expensive

hardware. As a result, VR solutions were

largely ineffective, being unrealistically slow

or oversimplified.

However, as VR technology continues

to develop, ongoing advances in

hardware processing power and software

development will allow VR to be used as the

interface with computer-based multimedia

activities that include training, process

design, maintenance and safety.

This paper discusses the range of

multimedia VR aids that can be used

economically and effectively to support

computer-based multimedia activities.

Overview

For the purposes of this article, VR is defined

as: “A three-dimensional (3D) environment

generated by a computer, with a run-time

that closely resembles reality to the person

interacting with the environment.”

This environment is further defined as:

• Immersive — where extra computer

peripherals (such as goggles and

gloves) are used to produce the effect

of being inside the computer-generated

environment;

• Non-immersive — the environment is

displayed in a conventional manner on

a display screen and interacts through

standard computer inputs (such as a

mouse or a joystick).

The key feature that VR brings to computer-

aided process engineering is the real-time

rendering capability. This has been used

to great effect in other areas (such as the

gaming, aircraft and medical industries) and

is now poised for use within the process

industry.

The key to an effective virtual environment

system is the close integration of the

enabling hardware with software support

tools. This process, known as systems

integration, demands that operation and

implementation — hardware and software —

be dealt with together.

However, before considering the type of

technology used to implement a VR system

for process purposes, it is useful to consider

the various forms of the virtual environment.

It is assumed that a VR-based system can

only be provided by a head-mounted

display. However, a head-mounted display

may be the wrong device to use for some

applications as it only creates a single-user

experience. Therefore, a broader definition

of VR must be assumed, one that retains

the key attributes of a VR system, for

example, the greater sense of presence and

interaction the user receives when immersed

in a virtual environment.

The technology used to deliver the virtual

environment is very important, whereas

the technology used to create the virtual

environment is critical.

Unfortunately, there is a tendency to think

in terms of head-mounted displays when

considering VR systems, and this narrow

perspective leads to confusion when talking

about other types of VR. The solution is

to use “VR” as an all-embracing term to

cover all forms of VR systems, including

stereoscopic auditorium, 3D localisation

in conventional projection or a mix of

both. Some individuals use the term virtual

environments instead of VR adding further

confusion.

However, it is better to think of a virtual

environment as a computer representation

of a synthetic world. This means a virtual

environment can be defined irrespective

of the delivery technology. But it is not

simply sufficient to produce a lone virtual

environment. Their component parts require

controlling in such a way that the user

believes they are actually immersed in a

real environment. This requires a process/

machinery simulation tool that interacts with

the virtual environment in a tangible action/

reaction mode.

Different forms of delivering VR systems are

defined by their peripheral technologies.

For example, the term “desktop VR” does

not relate to the virtual environment, but the

delivery technology used. Today, a desktop

VR system is generally based on a PC

platform, which employs the latest graphic

systems to provide optimum performance at

a reasonable cost.

Figure 1: Basic 3D visualisation Figure 2: A detailed, photo-realistic environment

The role of virtual reality in the process industry

36 | www.protocolmag.co.za

The route to a simple solution is usually extraordinaryGet an end to end solution tailor-made for your business with Business Connexion’s Professional ServicesWhen it comes to making extraordinary connections, nothing comes close to the human brain. That’s why it’s the inspiration behind our ProfessionalServices. With our unique understanding of your business model, value chains and strategy, we can supply you with an end to end solution that helps youmake the most of your Business Processes, Applications Portfolio, Application Management and third party solutions. With our unique integrated solutions,we can help you build systems that enable you to enhance and grow your business. We call it the amplifying power of Connective Intelligence™.

www.bcx.co.za

July/August 2012 | 37

The route to a simple solution is usually extraordinaryGet an end to end solution tailor-made for your business with Business Connexion’s Professional ServicesWhen it comes to making extraordinary connections, nothing comes close to the human brain. That’s why it’s the inspiration behind our ProfessionalServices. With our unique understanding of your business model, value chains and strategy, we can supply you with an end to end solution that helps youmake the most of your Business Processes, Applications Portfolio, Application Management and third party solutions. With our unique integrated solutions,we can help you build systems that enable you to enhance and grow your business. We call it the amplifying power of Connective Intelligence™.

www.bcx.co.za

38 | www.protocolmag.co.za

The virtual plant

The 3D content section of the VR

environment requires a CAD file as the

basic source of the material. This either can

be in standard 2D, or advanced formats

(such as those created by COMOSFEED™,

SMARTPLANT® and AUTOCAD®). These

programs generate a 3D CAD® file used

to speed up the conversion process

required for photo-realistic, real-time

graphics. Initially, a basic 3D geometry is

created to reflect plant specifications, and

then software such as 3dStudioMax® or

Maya® is used to process graphics details.

This software adds the details and small

adjustments needed to turn a flat CAD into

a photo-realistic product. Various other

tools and applications optimise textures and

illumination to further improve the effect.

Unlike conventional, non real-time

rendering, a real-time program allows

users to move and interact freely within the

environment. Special graphic technology

permits the environment to be rendered at

60 frames a second, compared to one frame

per second in the traditional approach.

Specific optimisation techniques are

required to achieve 60 frames a second that

include the following:

• Level of detail (LOD) geometries, used

where the detail is not needed

• UV maps compression for the illumination

data that is baked on textures

• Texture tiling to prevent pixel wastage

• BSP/portals generation for large-scale

environments

Once the graphics have been created,

the next step is to detach the geometries

that represent the interactive actors. This

is important because it separates dynamic

geometries (those that can move and be

interacted with) from static geometries

(those that cannot).

The final step is to create a collision

geometry that resembles the graphics

geometry. This allows users to collide with

the virtual environment rather than simply

passing through it.

VR platform and architecture

The VR interactive system is a server-centric

distributed application that centralises

scene updates. Therefore, it enables

scene rendering to be carried out on many

concurrent stations. The server synchronises

directly with SimSci-Esscor’s SIM4ME®

simulation engine, so the properties of each

plant element in the VR scene is constantly

updated in time with the process simulation.

Other stations have various roles within the

simulation and are able to communicate

with each other through a network using the

standard TCP/IP protocol.

The server application handles

communication among the various modules

and is responsible for the updated version of

all scene parameters. It retains a copy of the

scene graph — a hierarchical representation

of the 3D scene — that is synchronous with

the one present in each satellite application.

The server application constantly updates

scene graph data, notifying changes via the

network protocol to satellite applications.

These satellite applications are in command

of rendering the visualised data and

providing additional functionality to

users. Meanwhile, the main client station

reproduces the plant environment and

allows users to perform actions on plant

elements (for example opening a valve),

playing the role of Field- Operator. All

actions performed by the virtual Field

Operator are tracked and synchronised with

the other platform elements, including the

process simulator. Outputs can be displayed

on various systems, from standard desktop

monitors and head-mounted displays to

immersive projection systems. Both mono

and stereoscopic vision can be used.

The VR system requires a monitoring station

that centralises all information on a running

simulation. This includes the number and

type of connected stations to the 3D model

used and specific training exercises being

carried out within the simulation. The

monitoring station can be integrated with

the Instructor Station on traditional OTS

systems, giving a single point for managing

a full training session. Events and training

exercises are triggered by the Instructor

Station and transmitted to both the SIM4ME

engine and the VR platform.

IPS’ DYNSIM® and FSIM Plus® interface

directly with the VR system main simulation

modules. They give a fully synchronised

integration between the 3D world and the

process/control simulation. So any action

that the Field Operator carries out in the

3D environment is immediately reflected

in DYNSIM. Conversely, any value that is

updated by DYNSIM is also updated in the

VR platform.

Figure 3: A schematic system architecture

July/August 2012 | 39

Impact of VR on training

The main advantage that VR brings to both

theoretical and conceptual training is that

it allows trainees to become much more

familiar with the layout and operation of

the subject matter. For example, training

on a specific piece of equipment not only

involves 3D models that can be viewed from

any angle, but also allows that equipment

to be set in motion. For integrated systems,

such as complex processes, VR allows

trainees to walk around the 3D model and

improve their spatial awareness of the

plant.

In addition, when integrated with the

detailed DYNSIM simulation environment,

VR techniques can be used to enhance the

representation of process unit behaviour.

There are three main ways for this

integration to be represented:

• A navigational front-end representation

of continuous rather than discrete state

for multi-degree of freedom objects. This

supplies visual feedback only, with no

equipment interaction

• As above but with equipment interaction

• Complete environment emulation (a

synthetic world) by a link between process

simulation models and physical-spatial

models for all training objectives

Note that giving users a fully interactive

view can, in some cases, detract from the

objectives being taught, as it can be a much

more complex system to understand.

The main elements of a training session are:

1. Setting objectives;

2. Outlining contents;

3. Choice of methodology;

4. Assessment.

The VR platform should guide the user

through the development of all the following

elements:

1. Setting ‘training objectives’ highlights

the different options available:

• Technical training focussed on transferring

technical knowledge

• Operational training focussed on skills

and procedures

• Safety training focussed on possible

hazards

• Emergency response; how to react to a

critical situation

• Interpersonal skills training (crew training):

communication, collaborative decision-

making and teamwork

These are all supported by the VR platform.

Some training modules may be solely

devoted to process knowledge, for example

a session that provides greater process

understanding for operators. However, most

training sessions should deal with all the

elements listed above.

2. The majority of the training sessions

will be structured around the learning

of specific tasks. The content is normally

structured in the form of a detailed

account of tasks.

3. The VR platform facilitates good

teaching practice by allowing trainers

to individually match up trainees with

the training mode most suitable for

them. Therefore, some trainers might

introduce tasks slowly in a progressive

learning curve, while others might prefer

that trainees meet the full task in all its

complexity (step-by-step guidance/task

guided mode).

4. VR training allows skills transfer

rather than simply knowledge transfer.

Importantly, it also allows these skills

to be tested. So assessing trainee

performance becomes a simpler task.

Note that the platform also includes

alternative modes to score results from

training sessions.

VR models in process design

Fig. 4 shows an example of iterative and

concurrent process design based on

the use of VR models. The client/EPC is

responsible for the overall design process

while the design teams within construction,

mechanical, control system, etc., are

responsible for the design of the plant

subsystems, (such as process equipment,

building structure and installations). All

design teams are also responsible for

providing correct and updated input data to

the “VR database”. The VR provider, working

for the client, manages all the VR data and

makes updated and corrected VR models

accessible for everyone involved in the

design process.

The VR models from 1 to n in Fig. 4 provide

the design teams with structured and

easy-to-understand design information. This

is done in such a way that is not possible

using a traditional design approach based

on 2D CAD drawings. By navigating in the

models, stakeholders can analyse the design

from both a general and a more detailed

perspective. Moreover, with VR models, it is

easier to explain and discuss different design

solutions with a larger group of stakeholders,

particularly where they have different ways of

interpreting 2D design drawings. This ability

to collect views from different perspectives

Figure 4: An iterative design process with specified VR models in a concurrent and multi-

disciplinary design situation.

The role of virtual reality in the process industry

40 | www.protocolmag.co.za

gives a better and more productive overall

design approach. It also makes it much

simpler to discover and correct collisions

and design errors earlier in the design

phase.

Fig. 5 shows how a VR model identified a

bad design solution, in this case process

water outlets hindering access. Finding a

solution to this type of error after the event

is often highly costly. Such an error also

affects production by generating delays in

the re-scheduling and re-planning of some

activities.

During a trial on the use of VR models,

users commented that a major benefit of

the technology is that it gives a far greater

appreciation of other skilled areas involved

Figure 5: A screenshot extracted from a VR model showing a design solution that would have

blocked the access

Figure 6: A screenshot showing the use of avatars

for investigating the maintainability of the process

machinery in the plant.

in the overall project. It also saves time. Said

one design manager, “I was sceptical at

first. Then I realised that by studying one VR

model I could save a lot of time and be more

focused on important issues rather than

searching through piles of drawings.”

Increasing time-pressure on projects,

partnerships and/or MAC roles is likely to

be the stimulus that enhances collaboration

between stakeholders. This could lead to

a concurrent design approach in which

VR models are used to coordinate and

communicate the design to the client. In

addition, as well as making it easier for

them to make crucial decisions, VR models

can also involve the client in everyday

design work. Being able to quickly sort the

relevant information and present it in an

easy and comprehensible way enables

the client to collect opinions from a

wider audience, such as the operations

and maintenance staff, and to improve

the organisation’s decision-making

procedures.

VR in maintenance tasks

To understand the training aids required

for maintenance training, the first

sensible, logical step is to look at the

task that the trainee is expected to

perform after completing the course.

In process operations, for example,

the organisation of that task is heavily

dependent on the industry sector, the

range of equipment to be maintained

and specific company culture.

Irrespective of the subject matter, however,

in general a maintenance task can be broken

down into the following subtasks:

• Replication - being able to reproduce the

reported fault.

• Identification - being able to accurately

diagnose the source of the fault.

• Rectification - correcting the fault by

taking action appropriate to the policies

of the maintenance establishment.

• Confirmation - checking to see that the

identified fault has been cleared. Each of

the four stages described above requires

a mixture of generic and specific physical

and mental skills.

When using VR facilities, the usual

approach is to train users to have a deep

understanding of both the maintenance task

itself and the science behind the involved

equipment. This means that the structure

of a typical training course includes training

objectives that can be taken from a broader

number of training categories:

1. Initial Theoretical Training

2. Instructor Led Training

3. Systems Appreciation

4. Fault Diagnostics Training

5. Recognition Training

6. Equipment Familiarisation

7. Scenarios Simulation

8. Visual Appreciation

9. Hand/Eye Coordination

10. Spatial Appreciation

For example, in the analysis of an overall

plant working environment, a specially

designed avatar of large size could

mimic the behaviour of operational and

maintenance staff. This is primarily a system

analysis (3, 8, and 10) where working spaces,

escape routes, risky areas and transportation

routes within the plant are investigated from

a logistics viewpoint. The result of such

analysis allows maintenance procedures

to be optimised and highlights if there is a

need to ask a design team for improvements

or modifications.

A second example (see fig. 6) also refers to

spatial appreciation (10), but this time to

improve equipment familiarisation (6) and

hand/eye coordination (9). The operation

July/August 2012 | 41

Figure 7: A virtual fire

of a highly automated industrial process

depends largely on the maintainability

of its process equipment. Because of the

huge economic impact that a failure could

have, preventing such events has a very

high priority. Therefore, to make sure that

maintenance can be properly conducted and

performed on time, maintenance personnel

can participate in training using avatars or

in “first person” through VR models of the

process machinery and layout. Therefore,

maintenance issues involving diagnostics,

timing and procedures can be highlighted

and consequently optimised.

VR in safety

Using VR, field operators feel completely

immersed and perceive the virtual

environment as if it was the real plant. By

simply putting on their goggles, they are

able to see stereoscopically the spatial

depth of the surroundings, walk-through the

virtual plant and “feel” it. 3D spatial sound

contributes to this natural feel, as does the

ability to perform tasks using different hand-

held devices. Once immersed in a virtual

environment where everything resembles

reality, all normal and abnormal situations

can be experimented on and tested by

operators. Any action either in the field or

in the control room is simulated rigorously

in terms of process behaviour with a clear

action/reaction perception. In practice, VR

allows operators to test every abnormal

situation that can be thought of, alongside

little-understood atypical plant behaviours.

Both expected and predictable malfunctions

can be tested in their entirety, up to and

including the disaster that might result. After

all, learning from a virtual disaster can help

avoid the real thing.

The strength of this approach is two-fold:

safety can be tested and experimented

upon as a training tool; and risk-assessors

are better able to identify hazardous

scenarios. Together, they improve the ability

of operators to make the right decisions

at the right times. In other words, VR

makes training, risk assessment and safety

management more effective and realistic

than ever before.

Conclusions

VR provides a 3D computer-generated

representation of a real or imaginary world

in which the user experiences real-time

interactions and the feeling of actually being

present.

VR technology is well developed and

cost-effective, even for smaller organisations

or companies who might be considering

its use. The flexibility of VR-based training

systems means that they are simple to

configure, use and will form an increasingly

important element of new training systems.

The ability to simulate complex processes

by virtual actions means that trainees

experience an environment that changes

over time. At the same time, using computer

models of real equipment is risk free and

allows endless experimentation without the

need to take real equipment off-line and

risk production. This allows users to learn

within computer-generated environments

and gives them the opportunity to make

mistakes and suffer the consequences

without putting themselves at risk.

Overall, VR improves design procedures

and is a far superior training tool to more

traditional approaches. As a result, it saves

both staff time and money.

EYESIM for VR

To meet your virtual reality operator training

needs, Invensys offers EYESIM. EYESIM is

a comprehensive solution linking Control

Room Operators to Field Operators and

Maintenance Operators by means of a

High-Fidelity Process Simulation and Virtual

Walkthrough Plant Environment. EYESIM

provides complete Plant Crew Training

to improve skills that are safety-critical by

enabling operators to perform tasks in

a simulated environment, allowing them

to react quickly and correctly, facilitating

reactions in high stress conditions and

instilling standards for team training and

communications.

The EYESIM solution is comprised of a

modelling engine, powered by SimSci-

Esscor’s DYNSIM; services through the

SIM4ME bridge, and is coupled with a high-

performing Virtual Reality Engine and a high

quality 3D Modelling/Scanning toolset.

The role of virtual reality in the process industry

42 | www.protocolmag.co.za

Cyber security in the power industryWhile Eskom is seen as the principal source of electrical power

in South Africa, many large companies have their own power

generation capability, to the extent that they can contribute to the

national grid.

Many of these facilities are subject to cyber threats that could

severely disrupt production at the local and national level – and

what applies to power generation, applies equally well to many

other industries.

Ernest Rakaczky, Director of Process Control Network Security,

Invensys and Thomas Szudajski, Director of Global Power

Marketing, Invensys, explain the security challenges facing the

power industry.

July/August 2012 | 43

Power industry locks down1. Introduction

Like it or not, the power industry is

susceptible to a variety of cyber threats,

which can wreak havoc on control systems.

Management, engineering and IT must

commit to a comprehensive approach that

encompasses threat prevention, detection

and elimination.

Consider a couple of plausible threat

scenarios:

Cyber- attack scenario 1

Using “war diallers,” simple personal

computer programs that dial consecutive

phone numbers looking for modems, a

hacker finds modems connected to the

programmable circuit breakers of the electric

power control system, cracks passwords that

control access to the circuit breakers, and

changes the control settings to cause local

power outages and damage equipment. He

lowers the settings from, for example, 500

A to 200 A on some circuit breakers, taking

those lines out of service and diverting

power to neighbouring lines. At the same

time, he raises the settings on neighbouring

lines to 900 A, preventing the circuit

breakers from tripping and overloading

the lines. This causes significant damage to

transformers and other critical equipment,

resulting in lengthy repair outages.

Cyber-attack scenario 2

A power plant serving a large metropolitan

district has successfully isolated the control

system from the business network of the

plant, installed state-of-the-art firewalls,

and implemented intrusion detection

and prevention technology. An engineer

innocently downloads information on a

continuing education seminar at a local

college, inadvertently introducing a virus

into the control network. Just before the

morning peak, the operator screens go

blank and the system is shut down.

Although the above scenarios are

hypothetical, they represent the kinds of real

threats facing cyber security experts around

the world. Cyber security has become as

much a part of doing business in the 21st

century as traditional building security was in

the last. While power engineers have always

taken measures to maximise the security and

safety of their operations, heightened global

terrorism and increased hacker activity have

added a new level of urgency and concern.

Many plants are convinced their networks

are isolated and consequently secure,

but without ongoing audits and intrusion

detection, that security could be just a

mirage. Moreover, the growing demand for

open information sharing between business

and production networks increases the need

to secure transactions and data. For power

generating companies, where consequences

of an attack could have widespread impact,

the need for cyber security is even more

pressing.

A recent U.S. General Accounting Office

report, titled Critical Infrastructure

Protection, Challenges and Efforts to Secure

Control Systems, offered the following

examples of actions that might be taken

against a control system:

• Disruption of operation by delaying or

blocking information flow through control

networks, thereby denying network

availability to control system operators

• Making unauthorised changes

to programmed instructions in

programmable logic controllers (PLCs),

remote terminal units (RTUs) or distributed

control system (DCS) controllers, changing

alarm thresholds or issuing unauthorised

commands to control equipment. This

could potentially result in damage to

equipment, premature shutdown, or

disabling of control equipment.

• Sending false information to control

system operators either to disguise

unauthorised changes or to initiate

inappropriate actions by system operators

• Modifying control system software,

producing unpredictable results

• Interfering with operation of safety

systems

Historically, control system vendors have

dealt with such threats by focusing on

meeting customer specifications within

guidelines and metrics set by industry

standards groups such as the Institute

of Electrical and Electronics Engineers

(IEEE) and Instrument Society of America

(ISA). Indeed, much of this compliance

was designed into proprietary equipment

and applications, which were beyond the

skills of all but the most determined cyber

attacker. Increasingly, however, process

control networks are better equipped for

gathering information about generation

and distribution and sharing it with business

networks using standard communications

protocols such as Ethernet or IP. These open

protocols are being used to communicate

between dispatch, marketing, corporate

headquarters and plant control rooms as

well. While such sharing enables more

strategic management of enterprise assets,

it does increase security requirements.

2. Open exposure

The open and interoperable nature of

today’s industrial automation systems - many

of which use the same computing and

networking technologies as general purpose

IT systems - requires engineers to pay close

attention to network and cyber security

issues. Not doing so can potentially lead to

injury or loss of life; environmental damage;

corporate liability; loss of corporate license

to operate; loss of production, damage to

equipment; and reduced quality of service.

Such threats can come from many sources,

external and internal, ranging from terrorists

and disgruntled employees to environmental

groups and common criminals. Making

matters worse, the technical knowledge,

skills and tools required for penetrating

IT and plant systems are becoming more

widely available. Figure 1 shows that as the

incidence of threats increases, the level of

Power industry locks down

44 | www.protocolmag.co.za

sophistication necessary to implement an

attack is decreasing, making it all the easier

for intruders.

Many companies are bracing for the worst.

Major power producers, for example, have

begun paying greater attention to security,

as manifested by active participation in

industry standards groups, including the

Department of Energy, the Federal Energy

Regulatory Commission, and the North

American Electric Reliability Council.

Power producers have also been putting

more pressure on automation suppliers and

their partners to accelerate development of

technologies that will support compliance

with emerging standards. The power industry

is looking to non-traditional suppliers to

improve control room design and access,

operator training, and procedures affecting

control system security that lie outside the

domain of control system vendors.

3. Not just an engineering problem

While power engineers will play a critical

role in hardening power operations against

intruders, collaboration and support of

both corporate management and the

IT department is essential. A company-

wide vulnerability audit of a large U.S.

utility revealed some areas of technical

vulnerability in the control system, but most

of the findings had to do with organisational

issues:

• Lack of plant-wide awareness of cyber

security issues in general

• Inconsistent administration of systems

(managed by different business units)

• Lack of a cyber security incident response

plan

• Poor physical access to some critical

assets

• Lack of a management protocol for

accessing cyber resources

• Lack of a change management process

• Undocumented perimeter access points

• Lack of a disaster recovery plan

• Inability to measure known vulnerabilities

Corporate management must first

acknowledge the need for secure

operations. Then, because few companies

will have the resources to harden all

processes against all possible threats,

management must guide development of

a security policy that will set organisational

security priorities and goals. Finally,

companies must foster collaboration among

all layers of management, IT and project and

plant engineering. Project engineers need

to understand the security risks and possible

mitigation strategies. IT, which brings much

of the security expertise, must understand

the need for real-time availability to keep

units online.

With priorities in place, engineering and

IT can work together to create a plan that

should, at a minimum, address the following

issues:

• An approach to convergence of IT and

plant networks

• A process for managing secure and

insecure protocols on the same network

• Methods for monitoring, alerting and

diagnosing plant network control systems

and their integration with the corporate

network

• A method for retaining forensic

information to support investigation/legal

litigation

• A means of securing connectivity to

wireless devices

Management must also recognise that

investment in prevention will have a

far greater payback than investment in

detection and removal. Although investment

in the latter areas may be necessary to ward

off immediate threats, focusing on activities

that prevent attacks in the first place will

reduce the need for future detection and

removal expenditures.

Embracing open standards in the age

of cyber-terrorism is another pressing

management issue. While sticking with

proprietary technologies may seem much

less vulnerable to intrusion, doing so will

limit reliability, availability and efficiency

improvements that could be available from

integration of digital technologies and

advanced applications. In fact, proprietary

technology could become even more

expensive as vendors seek to recover the

cost of additional hardening that may still

be needed, since these systems are secure

owing only to their obscurity, not to some

inherent capability. Management support at

the highest levels will help ensure that any

technical hardening is implemented most

strategically and cost-effectively.

Figure 1: Attack sophistication versus intruder knowledge.

July/August 2012 | 45

Find out how Invensys can help secure your future:Logon to www.invensys.co.za for a whitepaper, brochure, customer success stories and migration video.

Invensys provides a path to keep your automation and control system continuously current with

cost effective modernisation solutions, regardless of your system’s age or vintage.

Staying competitive means continuously improving the assets of your plant, throughout its productive life.

46 | www.protocolmag.co.za

4. A prevention-based cyber security architecture

One of the most effective ways to implement

a prevention-based, standards-driven cyber

security architecture is to segment the

network into several zones, each of which

would have a different set of connectivity

requirements and traffic patterns. Firewalls

placed at strategic locations provide the

segmentation. Intrusion detection and

prevention systems are also deployed at

key locations and alerts are reported to

a monitoring centre. Figure 2 illustrates

a multi-zone cyber security architecture,

consisting of five segments:

• The Internet Zone, which is the

unprotected public Internet

• The Data Centre Zone, which may be a

single zone or multiple zones that exist at

the corporate data centre, dispatch and

corporate engineering

• The Plant Network Zone, which carries

the general business network traffic

(messaging, ERP, file and print sharing,

and Internet browsing). This zone may

span multiple locations across a wide area

network. Traffic from this zone may not

directly access the Control Network Zone

• The Control Network Zone, which has

the highest level of security, carries the

process control device and application

communications. Traffic on this network

segment must be limited to only the

process control network traffic as it is

very sensitive to the volume of traffic and

protocols used

• The Field I/O Zone, where

communications are typically direct hard

wired between the I/O devices and their

controllers. Security is accomplished by

physical security means.

An extra level of control - commonly

implemented as DMZs on the firewall - is

often added for supplemental security.

These supplemental zones are typically used

for data acquisition, service and support, a

public zone and an extranet sub-zone.

The Data Acquisition and Interface Sub-Zone

is the demarcation point and interface for all

communications into or out of the process

control network. This sub-zone contains

servers or workstations that gather data

from the controls network devices and

make it available to the plant network.

The Service and Support Sub-Zone is

typically used by outsourcing agencies,

equipment vendors or other external

support providers that may be servicing

the controls network. This connection

point should be treated no differently

than any other connection to the outside

world and should therefore utilise strong

authentication, encryption or secure VPN

access. Modems should incorporate

encryption and dial-back capability.

Devices introduced to the network should

use updated anti-virus software. This last

item is particularly important for service

providers, who will often bring a PC into

the plant for analysis. An example is turbine

monitoring. What’s more, power companies

should audit outsourcing providers for

adequate security measures.

The Public Sub-Zone is where public facing

services exist. Web servers, SMTP messaging

gateways and FTP sites are examples of

services found in this sub-zone.

The Extranet Sub-Zone is commonly used to

connect to the company’s trading partners.

Partners connect to these by various

methods including dialup, private lines,

frame-relay and VPN. VPN connections

are becoming more common due to

the proliferation of the Internet and the

economy of leveraging shared services.

Firewall rules are used to further control

where the partners are allowed access as

well as address translation.

5. Securing the business network

The two most critical components of data

centre security are a perimeter firewall and

an internal firewall. The perimeter firewall

controls the types of traffic to and from the

public Internet while the internal firewall

controls the types of internal site-to-site

traffic and site-to-data centre traffic. The

internal firewall is essential for controlling

or containing the spread of network-borne

viruses. It also restricts types of traffic

allowed between sites and provides and

protects the data centre from internal

intruders.

6. Securing the plant control networks

At the plant control network level are the

firewall, intrusion detection and prevention

technology, modems, and wireless access

points - all of which are integrated with a

communications infrastructure involving

equipment such as routers, bridges and

switches.

Firewalls restrict the types of traffic allowed

into and out of the control network zone,

and can be configured with rules that

permit only traffic designated as essential,

triggering alarms for noncompliant traffic.

Alarms should be monitored 24/7, either by

an internal or third party group. In addition,

each unit’s network should be isolated,

in particular from remote sites. This is

extremely important for recovery.

The firewall should use a logging server to

capture all firewall events either locally or

in a central location. One can, for example,

configure the firewall to allow remote telnet

access to the control network, but while the

firewall can monitor access to connections,

it cannot provide information about what

someone might be attempting to do with

those connections. A hacker could be

accessing the control system through telnet

and the firewall would have no way of knowing

whether the activity is from friend or foe. That

is the job of Intrusion Detection Systems (IDS)

and Intrusion Prevention Systems (IPS), which

can detect usage patterns.

An IDS monitors packets on a network wire

Figure 2: Multi-zone cyber security architecture.

July/August 2012 | 47

and determines if the observed activity is

potentially harmful. A typical example is a

system that watches for a large number of

TCP connection requests to many different

ports on a target machine, thus discovering

if someone is attempting a TCP port

scan. An IDS may run either on the target

machine, which watches its own traffic, or

on an independent machine such as an IDS

appliance (also referred to as Host IDS).

An IPS complements the IDS by blocking

the traffic that exhibits dangerous behaviour

patterns. It prevents attacks from harming

the network or control system by sitting in

between the connection and the network

and the devices being protected. Like an

IDS, an IPS can run in host mode directly on

the control system station, and the closer

to the control system it is, the better the

protection.

Modems connect devices asynchronously

for out-of-band access to devices. Because

modems can connect outside directly

through public carriers, they are unaffected

by security measures and represent a

significant point of vulnerability. At the

very least, any modem with links to the

main control network should be a dial-back

modem, which will not transmit data until

it receives dial-back authentication from

the receiving system. For sensitive data,

encryption is also recommended.

Wireless access points are radio-based

stations that connect to the hard-wired

network. Wireless communications can

be supported if implemented securely.

Solutions provided must be capable of

both preventing unauthorised access and

ensuring that data transmitted is encrypted

to prevent “eavesdropping.” For maximum

flexibility, devices must be capable of data

encryption with dynamic or rotating keys;

filtering or blocking Media Access Control

(MAC) addresses that uniquely identify each

network node; disabling broadcasting of

Service Set Identifiers (SSID), passwords

that authorise wireless LAN connections;

and compliance with 802.11 and 802.1x

standards. Consumer grade equipment is

not recommended and VPN connection

with software clients is preferable to WEP

or proprietary data encryption. This allows

support for multi-vendor wireless hardware

with a common solution.

VPN concentrators are devices that

encrypt the data transferred between the

concentrator and another concentrator or

client based on a mutually agreed upon key.

This technology is most widely used today

to allow remote users to securely access

corporate data across the public Internet.

The same technology can be used to add

additional security accessing data across

wireless and existing corporate WANs. In

lieu of a separate VPN concentrator, it is

possible to utilise VPN services that are

integrated with the firewall.

While the firewalls, IDS, IDP and encryption,

add the greatest hardening, they must work

in tandem with the existing communications

infrastructure. The job of the routers, hubs,

bridges, switches, media converters and

access units is to keep network information

packets flowing at the desired speed

without collision. The more network traffic is

routed, segmented and managed, the more

easily any intrusion can be contained and

eliminated.

Although some of these systems do have

certain levels of security functionality built

in, it is not wise to rely on that to protect

mission-critical data. Routers, for example,

can be configured to mimic basic firewall

functionality by screening traffic based on

an approved access list, but they lack a

hardened operating system and other robust

capabilities of a true firewall.

7. Planned-in prevention

Developing a prevention approach to

plant control systems will require a new

approach to network security between the

plant network layer and business/external

systems. It is an ongoing process that

begins with awareness and assessment,

continues through the creation of policy

and procedures and the development of

the security solution, and includes ongoing

security performance management.

Some of the key activities for the awareness

and assessment phase include defining

security objectives, identifying system

vulnerabilities, establishing the security

plan and identifying the key players on

the security team. In this phase, one is

determining which networks are involved

and how isolated they are from each other.

Is there a DCS for common systems, coal

handling, service water, for example? How

vulnerable are remote facilities, such as

landfill and water treatment?

At the policy and procedures phase, one

would review safety and security aspects of

established industry standards such as ISO

17799, ISA-SP99, META, and CERT along

with regulatory drivers, such as those offered

by FERC, NERC, and DOE. Local regulatory

requirements related to site security and

safety must also be considered.

The security solution phase is where

one would focus on technologies and

processes for system access control,

perimeter security and isolation, identity and

encryption, intrusion detection and system

management. In the security program

performance and management phase, one

would address continual monitoring and

alerting, yearly audits, periodic testing and

evaluation, and continual updating of system

requirements.

Following the procedures defined above

will not guarantee immunity from cyber

attack, but will ensure that the risk has been

managed as strategically and cost-effectively

as possible.

Power industry locks down

48 | www.protocolmag.co.za

John Coetzee – Business Development Director, Aristotle Consulting (Pty) Ltd.

Control and Automation security: Fort Knox or swing-door

Introduction

Fort Knox is a (gold) bullion repository

located in Kentucky. It was built in 1936 on a

military base and has walls of granite, steel

and concrete to protect its exterior. The

building can be completely isolated and

supply its own water and power for a limited

period. The vault is sealed with a 20-ton

steel door. The combination to enter the

vault is split across different personnel, so no

one person knows the entire combination.

The building, under the control of the USA

Mint, is currently guarded by over 20 000

soldiers, making it one of the most secure

locations on the entire planet1.

In contrast, a swing-door is defi ned as “A

door that is opened by either pushing or

pulling from either side (i.e. opens both

ways) and is not normally capable of being

locked2”.

Hopefully, your security is neither Fort Knox

(no-one will ever be able to get anything

done) nor a swing-door (nothing will ever be

controlled).

Background

Events over the last decade have resulted

in far greater legal and governance

requirements being placed on corporates,

including in the IT arena. The South African

response has largely been addressed by

the King III code of practice4. King III has an

entire section dedicated to IT governance

and management and how it relates to

the Corporate Board, section 5 – The

governance of information technology. This

section goes on to prescribe that the board

must take responsibility for IT governance

as well as delegation of responsibility to

IT management for the implementation of

an IT governance framework. IT needs to

form part of the risk management of the

organisation. In Section 5.6.1 it specifi cally

refers to information security and the need

for management systems. In order to comply

with these best practices requirements,

corporates often refer to international

standards such as CobiT.

The CobiT5 standard references the

word “security” over 250 times and has

entire sections dedicated to the effective

management of security within IT. CobiT

goes on to defi ne Information Technology

Figure 1 - Fort Knox Bullion Depository (Wikipedia3)

July/August 2012 | 49

About Aristotle Consulting

Aristotle Consulting offers consulting and

training services to the Systems of the

Manufacturing Industry. Aristotle Consulting

can assist in developing and implementing your

security plan. Aristotle Consulting specialises

in providing consulting in best practice for your

entire Manufacturing Systems portfolio.

as the hardware and software that facilitate

the input, output, storage, processing, and

transmission of data with no distinction

made based on the application of these

elements. This implies that the standard

is equally applicable to Control and

Automation (C&A) equipment and software.

Security approach

The goals of IT security are to:

• Protect C&A assets

• Control access to critical / confidential

information

• Ensure information exchanges between

systems are trustworthy

• Resist attack from external disaster or

sabotage

• Ensure failure recovery

• Maintain information and processing

integrity.

So, how do you approach a security model

for C&A? Below is a recommendation based

on the CobiT standard.

• Define a C&A security and risk plan,

implemented into policies and

procedures.

• Define a security, risk and compliance

responsibility model.

• When acquiring new technology,

implement the security and audit

measures as part of the installation and

commissioning.

• Manage changes to your environment

with a clear change management

procedure, including impact assessments,

authorisation mechanism, change tracking

and change completion.

• Manage the physical environment by

defining and implementing access control

policies.

• Monitor and evaluate the internal control

mechanisms periodically to identify

deficiencies and continuously improve

these mechanisms.

• Record, manage and address security

incidents.

Conclusion

The use of “traditional IT” equipment

is now pervasive in C&A systems and

architecture. This now should be managed

and governed according to requirements

based locally on King III. In order to achieve

this, look to international best practice on

how implement this, such as CobiT, which

presents a useful model. Aim for a security

model that is neither Fort Knox nor a swing-

door, but has a suitable level of control,

risk management and ease of use for your

organisation.

References

1. HARGROVE, J., 2003, Fort Knox Bullion

Depository, Dayton: Teaching & Learning

Company.

2. WIKTIONARY, 2011 [Online] Available

at www.wiktionary.ord/wiki/swing_door

[Accessed on 9 May 2012].

3. WIKIPEDIA, 2012 [Online] Available at

http://en.wikipedia.org/wiki/Fort_Knox_

Bullion_Depository [Accessed on 9 May

2012].

4. KING III, 2009. King III Code of

Governance for South Africa 2009, Institute

of Directors. [Online] Available at: http://

african.ipapercms.dk/IOD/KINGIII/

kingiiicode/ [Accessed on 10 April 2012].

5. COBIT, 2007, 4.1 ed., IT Governance

Institute. Rolling Meadows.

For more information contact:

John Coetzee

Business Development Director

Aristotle Consulting (Pty) Ltd

Landline: +27 79 517 5261

Mailto: info@aristotleconsulting.co.za

Web site: www.aristotleconsulting.co.za

Find us on Linked In: http://www.linkedin.

com/profile/view?id=60025171&trk=tab_pro

Control and Automation security: Fort Knox or swing-door

50 | www.protocolmag.co.za

Eskom conforms to legal emission

limits with help from Wonderware

The measurement of stack emissions at coal-fired power stations is of high importance to Eskom as

exceeding the emission limits may result in the forced shutdown of generating units. These emission

levels are imposed by legislation and must therefore be monitored and alarmed continuously.

July/August 2012 | 51

About Eskom Holdings Limited

Eskom generates approximately

95% of the electricity used in South

Africa and approximately 45% of

the electricity used in Africa. The

company generates, transmits and

distributes electricity to industrial,

mining, commercial, agricultural

and residential customers and

redistributors. The majority of sales

are in South Africa. Other countries

of southern Africa account for a small

percentage of sales.

Additional power stations and major

power lines are being built to meet

rising electricity demand in South

Africa.

Eskom buys electricity from and

sells electricity to the countries of

the Southern African Development

Community (SADC). The future

involvement in African markets

outside South Africa (that is the

SADC countries connected to the

South African grid and the rest of

Africa) is currently limited to those

projects that have a direct impact on

ensuring a secure supply of electricity

for South Africa.

The Current Eskom Power Generation Fleet:

(One Unit = One boiler + one generator)

To address the problem, system integrator

Bytes Systems Integration used Wonderware

solutions to implement a comprehensive

emission monitoring system which is flexible

enough to handle geographically-dispersed

data sources while complying to various

business rules. The result is a system which

is helping to ensure the supply of electricity

while minimising the impact on the

environment.

Background

The combustion of coal produces almost as

much carbon emissions as the combustion

of petroleum (figure 1). What can we do

about the more than two gigatons of carbon

released into the atmosphere in the form of

carbon dioxide every year? The answer is;

“not much” unless you treat the problem

at its source – which is exactly what Eskom

has been doing for several decades. 95%

of Eskom’s generating capacity comes from

coal, and ash emissions from Eskom’s coal-

fired power stations have reduced by more

than 90% since the early 1980s due to the

installation of efficient pollution abatement

technology and the decommissioning of

older plant.

“Without treatment, we would be spewing

concentrations of 30 000 to 60 000 mg

of ash/normal cubic metre into the

atmosphere,” says Dr. Kristy Ross, senior

consultant at Eskom. “But with the use of

abatement technology such as electrostatic

precipitators or fabric filter plants, more

than 99% of ash is removed from flue gas

stream providing a particulate emission

concentration of usually less than 200 mg/

normal cubic metre.”

Getting legal

Every power station has an emissions licence

with which it needs to comply. This ensures

that the environment and health of people in

the vicinity of power stations are not affected

negatively. The emissions licence specifies

two limits – a ‘normal’ operating limit, which

emissions must be below for 96% of the

time and a ‘cap’ limit, which emissions must

never exceed. For example, Lethabo Power

Station’s licence limits are:

• Normal limit: 75 mg/Nm3

• Cap limit: 300 mg/Nm3

• Grace period: 90 hours per stack (three

units). Time given to rectify malfunctions

such as poor quality coal, equipment

breakdown, etc. The normal limit can be

exceeded for this time, but emissions

must remain below the cap limit.

Staying within these legal requirements,

however, isn’t plain sailing. Because of

the capacity shortage, shutdowns for

maintenance or repair are reduced to a

minimum which means that equipment isn’t

Figure 1: The main contributors to global fossil carbon emissions

“This is definitely going to form part of our Peak Hour Risk Analysis”

Vusi Shabangu, Head Office Generation Control Centre Shift Manager

Eskom conforms to legal emission limits with help from Wonderware

52 | www.protocolmag.co.za

“This project proves once again that the Wonderware System Platform can be used to add tremendous value to any organisation. The flexibility of System Platform enabled us to connect to multiple source systems and applications to deliver critical decision-making information to the highest levels of the company.”

Gerhard Greeff, Bytes Process Management and Control

necessarily operating at maximum efficiency.

Varying coal qualities and high load factors

also contribute to the difficulty of complying

with the legal emission limits.

“Under exceptional circumstances, where

taking a unit off load would result in

load-shedding, we ask the authorities for

short-term exemption from the emission

licence rules, usually from the normal limit,”

says Dr.Ross.

The problem

Control room operators at power stations

must keep a constant lookout for potential

emission problems that might exceed the

set legal limits. In the case of such an event,

it might be necessary to exercise what’s

known as “load loss” but this will have a

ripple effect in that another power station

will be required to take up the slack by

ramping up its production.

The solution

“Given the scope of the problem and

Eskom’s nation-wide footprint of 13

operational coal-fired power stations, it

was decided that emission status should be

centrally monitored and controlled in real-

time from the Integrated Generation Control

Centre at Megawatt Park,” adds Dr. Ross.

This would allow the information to be

available remotely through a user-friendly

interface so that environmental specialists

could take the necessary action to control

some complex processes. Top executives

also needed access to this information via a

web-interface.

In short, the project goals were to:

• Prevent financial and production losses

caused by forced outages.

• Prevent environmental degradation and

fines from authorities due to exceeded

emission limits.

• Deliver real-time KPI dashboards and

reports.

• Give early warning alarms before emission

limits are exceeded, enabling preventative

measures to be implemented.

Solution selection

System Platform (ArchestrA)-certified system

integrator Bytes Systems Integration was

chosen for the project because of the

company’s long-standing and successful

relationship with Eskom, notably in the

Enterprise Manufacturing Intelligence (EMI)

field of which this project forms part.

Due to its ease of integration with other

initiatives and customisation capabilities

as well as its scalability, Bytes would use

the existing Wonderware infrastructure

consisting of System Platform (ArchestrA),

Historian, Historian Client (ActiveFactory),

InTouch (SCADA/HMI), Information Server

and Alarm Provider.

Implementation

Figure 3 shows the interaction necessary

between all the players. Aggregated hourly

averages from each power station is sent to

Megawatt Park who can make the necessary

operational decisions.

Machiel Engelbrecht of Bytes explains: “For

example, during start-up after shutdown, a

unit’s emissions will be higher than during

normal operation. So it’s important to know

when a unit is about to come on line, how

long it was off and how long the higher

emission level is likely to last. This helps

apply for the necessary exemption from

the authorities. In addition, the supplied

information places Megawatt Park is in

a good position to initiate preventative

measures and to ensure optimal load

distribution in the event of a shutdown due

to excessive emissions.”

The geographically-dispersed historians

are used as the base for real-time

information and this is then compared to

targets, plans and projections from other

transactional systems such as information

supplied by National Control (Simmerpan

- Germiston).

Trending information is required to monitor

the emission levels over certain time periods

and this is done with ActiveFactory. Aspects

of the Wonderware Historian Client are also

used to calculate the hourly time-weighted

averages.

Wonderware’s Information Server is used to

Figure 2: Cause and effect – High load demand resulted in emissions exceeding the cap limit which

initiated “load loss” which, in turn, brought emissions to within the legal limits.

July/August 2012 | 53

for the operators at the stations as it is a

product with which they are familiar. We

used MSSQL to extract the time-weighted

hourly averages from the Wonderware

Historian.”

The main beneficiaries of the system’s

information are senior consultants

from Environmental Management who

generate reports for the authorities. Other

beneficiaries include top executives and

head office Generation Control Centre

personnel, especially those involved with the

early warning system which involves risk and

strategic analysis.

The system is integrated with the legal

documentation of the authorities and client.

It is also integrated with a number of other

transactional and web-based systems within

the business infrastructure.

Benefits

• Weekly reports are now supplemented

with hourly monitoring – no more “after

the fact” initiatives

• Early warnings of possible forced load

losses – allows for pro-active decision-

making

distribute data and information where it can

be monitored from any client workstation.

A single dashboard for each thermal power

station was developed showing hourly

emission values together with their specific

limits and for how long the normal limit

was exceeded. Additionally any applicable

exemptions to the limits are also shown

and the system adapts automatically. Early

warnings are raised when the emission

“I cannot believe how quickly this system was implemented”

Dr Kristy Ross, senior consultant, Eskom

“Due to the integration, scalability and versatility of the various Wonderware solutions used, it was possible to deliver a sophisticated system quickly for a process which was previously accomplished manually due to its complexity.”

Machiel Engelbrecht, Bytes Systems Integration

Figure 3: System flow diagram (Eskom WAN)

Figure 4: Desktop “widgets” alert supervisors of critical conditions and help them drill down to the cause through easy-to-understand dashboards.

values get within 20% of the acceptable

limits where the right decision can be made

to prevent penalties and unit shutdowns.

A simplified robot on the dashboard gives

a quick overview of the stations’ status

from where the user can drill down to more

detailed information.

The first three Power Stations’ emission

monitoring was delivered within a month.

This was followed by training of head office’s

control centre operators, environmental

consultants, managers and station

personnel.

Bytes enlisted the help of environmental

specialists from Eskom to provide scenarios

and business rules. They also interacted

with various system owners within the

organisation for access to data. All the

development and tests were done on a

live system. “The end-user was helpful by

entering manual data such as exemption

information, in parallel to their existing

process,” says Engelbrecht. “This speeded

up delivery as all values could be verified in

real time. Excel was used as an input form

Eskom conforms to legal emission limits with help from Wonderware

54 | www.protocolmag.co.za

• Real-time KPI dashboards and reports –

presents a window on reality rather than

history

• 24 Hour monitoring and alarming –

follows the business Eskom is in

• Enables preventative measures to be

implemented – early detection of trends is

crucial to minimising downtimes

• Ensures compliance with emissions

licence – elimination of environmental

degradation and fines as far as possible

• Real-time monitoring of plant

performance – provides symptoms of

potential problems before they affect

service deliv

Figure 5: System topology for each coal-fired power station (only Lethabo power station shown)

Conclusion

Eskom’s vast resources literally run South

Africa. Many people do not fully understand

the consequences of not having them. Quite

simply, Eskom is responsible for the way we

run our lives and it is encouraging to see the

steps the company is taking to ensure the

continuity of that way of life.

So, the next time you experience a blackout,

it may not be due to insufficient generating

capacity but to ... ash. Thankfully, that

particular source of annoyance is being

minimised rapidly through Eskom’s proactive

initiatives.

July/August 2012 | 55

Thin client computing for virtualisation and SCADAThin clients - Affordable terminals

In the 1970s and 80s, the PC revolution

gained momentum because PCs freed

people from the “big brother” syndrome

of mainframes by putting intelligence and

computing power to use on a “one-per-

desk” basis. And this is still the case today.

But there are those instances where going

back to that earlier concept but using today’s

technology is by far the more practical and

cost-effective alternative.

Thin-client terminals provide a low-

cost alternative for system expansion while

increasing reliability. They are an ideal and

cost-effective solution for client/server

architectures featuring InTouch for Terminal

Services software.

These compact, lightweight, robust

industrial thin-client terminals are available

as an ACP ThinManager-ready client or a

thin client for Microsoft operating systems.

Rugged and reliable, thin client terminals

have no moving parts. There is no need to

worry about client system reconfiguration or

data loss.

Features and benefits

• Thin client computers are available as

ACP ThinManager-ready or with the

Microsoft Windows CE operating system

• Compact, reliable and robust hardware

with no moving parts

• Consistent operator interface from

supervisory to operator panels

• A standardised, maintainable approach to

supervisory and HMI systems

• Reduced hardware, maintenance and

lifecycle costs

• Reduced software administration and

management costs

• Lower support costs

Decrease your total cost of ownership

Thin client computers can decrease the total

cost of ownership for plant floor systems in

all of the following ways.

Reducing hardware costs

Thin client computers are affordable yet

flexible, durable and reliable. They are

usually factory-tested, certified and ready to

install right out of the box.

Standardising on one software platform

InTouch software can be used as part

of a thin-client/server architecture,

in standalone thick clients or as the

visualisation tool within the Wonderware

System Platform architecture. 

Decreasing administration and maintenance costs

System programmes and applications

are hosted on a centralised server, so

software enhancements, migration,

upgrades and deployment are simplified.

No programmes or system configurations

are required at the client level whenever

application changes occur.

Increasing security and reliability

Since all applications and critical data

are stored on a centralised server, it is

much easier to secure information at the

client level. Thin client computers are ideal

for locked-down local applications

and are less vulnerable to unauthorised

system data modifications and virus

infections. These thin-client terminals also

provide exceptional reliability because

there are no moving parts such as hard

drives and fans, making them ideal

for environments that are too harsh

for conventional PCs.

Applications

Thin client computers are ideal for

visualising, monitoring and controlling

machine or process operations. For

applications already using InTouch

for Terminal Services software or ACP

thin-client management and configuration

software, alternative thin client terminals of

choice can be a drop-in replacement.

Replacing legacy graphical operator

panels with Wonderware’s Thin Client

Computers can eliminate communication

gaps between traditional operator panels

and supervisory level HMIs. Thin clients used

as operator panels reduce hardware costs

while increasing

reliability and uniting

disparate sources of

information.

Thin client

computers are

also excellent

for SCADA/

HMI applications

requiring remote,

secure and locked-

down operations,

Virtualisation makes the most of server power and technology which negates the need for intelligence at the PC level making Thin Clients the obvious, cost-effective replacement for traditional desktop PCs.

Thin client computing for virtualisation and SCADA

56 | www.protocolmag.co.za

protecting against potential system

tampering. 

Thin clients have an obvious price and

reliability advantage over their (fat) PC

counterparts only if they can be properly

supported, provide the same functionality

and meet operational requirements. Thin

clients have found a natural niche in the

virtualisation and SCADA / HMI environment

because of their cost-effectiveness,

robustness, lack of moving parts such as

disc drives and ability to work in harsh

environments.

Their support is also much simpler than

going around and upgrading possibly

dozens of PCs because their “intelligence”

comes from one source.

Thin client support - ACP ThinManager Platform 5

The ThinManager Platform takes control of

resources in the modern factory

The number of software companies that

offer solutions for the modern workplace

is staggering. Browse any trade magazine

and the ads are plentiful with promises

to make you and your business more

efficient and profitable. Granted, many offer

viable solutions ranging from application

development to PLC programming, but in

practice, many fall short of their promised

ideals and still fail to fully address the real

needs of the modern plant floor.

Automation Control Products (ACP) was

created by a group of Integrators working

in process control environments every

day. The years spent repairing, replacing

and upgrading PCs on the factory floor

led to the idea that there should be a

better way to manage all of the computer

resources—hardware and software—in these

compromising and harsh environments.

This simple idea drove ACP to create

ThinManager.

Thin Clients make more sense than PCs

There are several issues with maintaining

PCs in plant floor environments but two that

are constant irritations are hard drives and

fans. Hard drives are susceptible to magnetic

interference and the vibration of heavy

machinery and assembly lines and computer

fans are always pulling dust and debris into

the box that eventually causes the PC to

overheat.

It was these facts among others that led

ACP to begin looking at thin clients as

an alternative to the expensive PC-based

systems that were literally failing every day.

Thin clients have no hard drives and no fans.

A better software solution

While thin client hardware was an excellent

(and cheap) replacement for PCs, setting

up and administrating a terminal services

environment proved difficult and time

consuming. The existing management tools

were also severely lacking. Available tools

do not offer enough functionality to manage

a thin client system properly—and so the

creation of ThinManager began.

The goal was a management tool that would

offer control over the thin client terminals

but also the terminal server systems

themselves. By fully managing both ends

of the thin client system, administrators

would have total control of the thin client

environment and therefore total control of

the plant floor. ACP also knew that industrial

customers would need extensibility, support

for touch-screens as well as sound and

video cards. ThinManager was designed to

provide such extensibility and has always

provided support for more of these than any

other solution available.

Reducing management costs and consolidating applications

Since saving time and money was the main

reason for creating ThinManager, these same

two goals have driven the functionality of

the software. An easy-to-use user interface,

allowing simple, wizard-based configuration

of terminals and servers was one of the

first things ThinManager performed.

ThinManager-Ready thin clients allow you to

easily connect to a terminal server to gain

access to Windows applications, without

necessarily exposing the full desktop and

Start menu to the operator. Applications

only need to be installed once on the

terminal server but can be deployed to

multiple users. This is still one of on the

greatest benefits of terminal services and the

time-savings it offers reduces system setup

time and costs right out of the box.

ThinManager also offers some very powerful

features at the server side of the thin client

system. Instant Failover allows for terminal

servers configured with ThinManager to

switch back and forth between servers in the

event of a server failure or if a server needs

to be taken down for routine maintenance.

The Instant Failover feature is so robust that

the thin client users are not even aware when

a server goes offline. This feature is part of

ThinManager’s “zero” downtime goal.

High availability is of course a necessity for

any plant solution and usually, if a PC fails,

your process naturally becomes unavailable.

However because of the nature of terminal

services architectures, should a thin client

fail, your process software continues to run,

uninterrupted. Replacement of a thin client

can be done by an unskilled operator and

within a few minutes the operator station is

fully functional once more.

More core functionality

After ThinManager was installed into several

large customer sites and proved itself as a

viable alternative to traditional PCs, ACP’s

customers began requesting even more

features from ThinManager. One of the

first was the ability to see more than one

session at each terminal. ACP addressed

the problem and the result is something we

call MultiSession. Now ThinManager-Ready

July/August 2012 | 57

thin clients can see multiple sessions by

accessing a simple drop-down menu.

ThinManager’s ability to see anything,

anywhere is what makes it such a powerful

tool for the factory floor. Built on top of the

MultiSession feature are other powerful

features like SessionTiling where you can tile

up to 25 sessions on a single screen. There

is also SmartSession which can balance the

load on a collection of terminal servers,

without the need to install a clustered

system.

Perhaps the most used feature to emerge

from MultiSession is MultiMonitor. Just

as the name states, MultiMonitor allows

multiple monitors to be attached to a single

terminal and display multiple sessions.

The ability to arrange sessions on multiple

monitors is virtually unlimited. Currently

ThinManager supports thin clients that allow

up to five monitors to run through a single

terminal.

Increased visualisation and enhanced security

Since ACP customers were finding

MultiSession so useful that ACP decided

to add even more functionality. IP cameras

were the next natural progression.

ThinManager allows a user to not only see

an image coming from an IP camera, but

lets them overlay that image on top of their

HMI. Now a worker could be at one end of

a baking oven and view the other end from

the terminal they are standing at without

having to walk back across the floor.

The IP camera feature can be combined

with ThinManager’s security module called

TermSecure to allow administrators to view

users when they log into a terminal. With

TermSecure, administrators can also deploy

programmes to specific terminals or users

and manage access through keyboard

logins, USB dongles or RFID cards that allow

users to “swipe in” instead of logging in.

This is an additional layer of security on top

of Window’s usernames and passwords.

The inherent security of thin client hardware

also allows factories to lock-down their

production environments even further. Thin

clients have no CD/DVD drives for loading

malicious content and ThinManager-Ready

thin clients have their USB drives disabled

by default. This means that employees are

not loading viruses, games or music onto

company hardware—and since there is no

hard drive present in the thin clients, there

is nothing to gain by theft of the unit nor is

there any data lost if a unit is taken.

New functionality will deliver virtualisation and mobile applications

Another technology ACP developers

see gaining traction in the IT world is

virtualisation. They believe this is another

resource that ThinManager can make easier

to manage for system administrators. Now,

just like they did with terminal services, ACP

is moving management of virtual resources

in the ThinManager tree giving ThinManager

administrators access to many of the same

features that are available in VMware’s

vSphere Client. ACP’s development team is

currently working on adding built-in support

for virtualisation. This will allow ThinManager

users to manage virtualisation and terminal

services at a much lower cost than previously

available.

If that were not enough, ACP has also

developed an application for Apple’s iOS

devices. Most of ThinManager’s capabilities

are now available on a mobile platform

for Apple’s iPhone and iPad. You can look

for this technology to expand into making

mobile devices become actual thin clients

themselves in the near future.

The final word

You would be hard-pressed to find as robust

a solution for managing your plant floor

environment as ThinManager. No other

management tool¬ takes control of all the

resources used in today’s modern factories

as completely as ACP’s ThinManager. With

more than 12 years in business, ThinManager

is a proven technology. Thousands of

companies in 30 countries, including one

in ten Fortune 500 companies, use ACP

ThinManager and ThinManager-Ready Thin

Clients for their daily operations.

Thin client computing for virtualisation and SCADA

58 | www.protocolmag.co.za

July/August 2012 | 59

Virtualisation needs high availability functionality

Product offerings

ftServer systems ensure uptime

assurance and operational

simplicity for:

• Wonderware System Platform

• Wonderware Application Server

• Wonderware InTouch® HMI for

terminal services

• Wonderware Historian

• Wonderware InBatch™ Software

• Wonderware Device Integration

I/O Servers

• Wonderware MES software

• Kepware KEPServer for

Wonderware

• ACP ThinManager® Platform

Whether you’re using thin clients or not,

server failures in critical production areas

and especially in a virtual computing

environment don’t only lead to costly

downtimes but can also have immediate and

serious consequences. Data loss, regulatory

non-compliance and health risks are just a

few of the hazards that can arise from even a

brief outage.

That’s why manufacturers running

critical Wonderware solutions rely on

fault-tolerant Stratus servers for continuous

24/7/365 uptime assurance. For nearly

a decade, Stratus ftServer systems have

delivered unsurpassed levels of reliability —

for both the server and operating system.

Today, ftServer uptime averages six nines

(i.e. 99.9999%), a number that translates to

less than 32 seconds of downtime per year.

Engineered to prevent failure

The ftServer architecture eliminates

single points of failure. Every system

comes equipped with replicated hardware

components, built-in Automated Uptime

technology and proactive availability

monitoring and management features.

These capabilities automatically diagnose

and address hardware and software errors

that would quickly halt processing

in other x86 servers. Even in the event of

a hard component failure, the duplicate

component simply continues normal

processing. As a result, your Wonderware

solutions run uninterrupted and your

critical data is fully protected from loss or

corruption — even data not yet written to

disk.

Why Invensys Wonderware customers choose Stratus

• Delivers industry-leading uptime

>99.999%

• Easy to set up and operate: load-and-go

simplicity; no need for sophisticated IT skills

• Simple to maintain: special features

include remote monitoring, diagnostics

and alerts; hot-swappable components;

no need for failover testing or scripts

• Provides comprehensive uptime

protection for Wonderware solutions

in Microsoft® Windows Server® and

VMware® vSphere™ environments

• Mission-critical services offer

comprehensive, 24/7 support and long-

term coverage plans

• Server consolidation: Wonderware System

Platform runs on a single, virtualised

ftServer system

Worry-free solutions that are simple to maintain

Real-time solutions place high demands

on hardware. When business needs

dictate continuous trouble-free

performance, the fault-tolerant ftServer

system is the right choice. Equipped

with Intel® Xeon® quad-core processors,

QuickPath Interconnect technology, up to

96 GB memory and 8TB of physical storage,

fifth-generation ftServer systems have

never been so right for critical heavy-duty

workloads. A choice of operating systems

adds to the versatility of ftServer solutions

and offers virtual environments the simplicity

of automatic “load-and-go” availability.

In any setting, Stratus’ advanced

technology makes these servers quick to

deploy, simple to manage and cost-effective

to own. Built-in self-diagnostics and “call-

home” capabilities automatically report

issues and, when necessary, the system even

orders its own hot swappable replacement

parts. No special IT skills are required to

replace hardware components, saving time,

effort and expense.

Virtualisation needs high availability functionality

60 | www.protocolmag.co.za

Acronyms

COBIT Control OBjectives for Information and related Technology

DR Disaster Recovery

HA High Availability

IDE Integrated Development Environment (ArchestrA)

IaaS Infrastructure as a Service

LAN Local Area Network

PaaS Platform as a Service

SaaS Software as a Service

SCSI Small Computer System Interface

SSD Solid State Drive

VM Virtual Machine or Virtual Memory

VMM Virtual Machine Monitor

WAN Wide Area Network

Cloud computing – Cloud computing is the delivery of computing as a

service rather than a product, whereby shared resources, software and

information are provided to computers and other devices as a utility (like

the electricity grid) over a network (typically the Internet).

COBIT – First released in 1996, COBIT is a framework created by ISACA

(Information Systems Audit and Control Association) for information

technology (IT) management and IT Governance. It is a supporting

toolset that allows managers to bridge the gap between control

requirements, technical issues and business risks.

Virtualisation dictionaryCores - Two or more independent actual processors that are part of a

single computing environment

Disaster Recovery (DR) - The organisational, hardware and software

preparations for system recovery or continuation of critical infrastructure

after a natural or human-induced disaster.

High Availability (HA) - A primarily automated implementation which

ensures that a pre-defined level of operational performance will be met

during a specified, limited time frame.

Hypervisor – In computing, a hypervisor, also called virtual machine

manager (VMM), is one of many hardware virtualisation techniques

allowing multiple operating systems, termed guests, to run concurrently

on a host computer. It is so named because it is conceptually one level

higher than a supervisory programme. The hypervisor presents to the

guest operating systems a virtual operating platform and manages the

execution of the guest operating systems. Multiple instances of a variety

of operating systems may share the virtualised hardware resources.

Hypervisors are very commonly installed on server hardware, with the

function of running guest operating systems, that themselves act as

servers.

Infrastructure as a Service (IaaS) - In this most basic cloud service

model, cloud providers offer computers – as physical or more often as

virtual machines –, raw (block) storage, firewalls , load balancers and

networks. IaaS providers supply these resources on demand from their

large pools installed in data centres. Local area networks including

IP addresses are part of the offer. For the wide area connectivity, the

Internet can be used or - in carrier clouds - dedicated virtual private

networks can be configured.

To deploy their applications, cloud users then install operating system

images on the machines as well as their application software. In

this model, it is the cloud user who is responsible for patching and

maintaining the operating systems and application software. Cloud

providers typically bill IaaS services on a utility computing basis, that is,

cost will reflect the amount of resources allocated and consumed.

Local Area Network (LAN) - A local area network (LAN) is a computer

network that interconnects computers in a limited area such as a

home, school, computer laboratory, or office buildings. The defining

characteristics of LANs, in contrast to wide area networks (WANs),

include their usually higher data-transfer rates, smaller geographic area

and lack of a need for leased telecommunication lines.

Paravirtualisation – A case where a hardware environment is not

simulated; however, the guest programmes are executed in their own

isolated domains, as if they were running on separate systems. Guest

programmes need to be specifically modified to run in this environment.

Platform as a Service (PaaS) - In the PaaS model, cloud providers

deliver a computing platform and/or solution stack typically including

July/August 2012 | 61

operating system, programming language execution environment,

database and web server. Application developers can develop and

run their software solutions on a cloud platform without the cost and

complexity of buying and managing the underlying hardware and

software layers. With some PaaS offers, the underlying computation and

storage resources scale automatically to match application demand such

that the cloud user does not have to allocate resources manually.

Private cloud - Private cloud is cloud infrastructure operated solely for a

single organisation, whether managed internally or by a third-party and

hosted internally or externally.

They have attracted criticism because users “still have to buy, build, and

manage them” and thus do not benefit from less hands-on management,

essentially “[lacking] the economic model that makes cloud computing

such an intriguing concept”.

Public cloud - Public cloud applications, storage, and other resources

are made available to the general public by a service provider. These

services are free or offered on a pay-per-use model. Generally, public

cloud service providers like Microsoft and Google own and operate the

infrastructure and offer access only via Internet (direct connectivity is not

offered).

Software as a Service (SaaS) - In this model, cloud providers install and

operate application software in the cloud and cloud users access the

software from cloud clients. The cloud users do not manage the cloud

infrastructure and platform on which the application is running. This

eliminates the need to install and run the application on the cloud user’s

own computers simplifying maintenance and support. What makes a

cloud application different from other applications is its elasticity. This

can be achieved by cloning tasks onto multiple virtual machines at run-

time to meet the changing work demand. Load balancers distribute the

work over the set of virtual machines. This process is transparent to the

cloud user who sees only a single access point. To accommodate a large

number of cloud users, cloud applications can be multitenant, that is, any

machine serves more than one cloud user organisation. It is common to

refer to special types of cloud based application software with a similar

naming convention: desktop as a service, business process as a service,

Test Environment as a Service, communication as a service.

The pricing model for SaaS applications is typically a monthly or yearly

flat fee per user

Virtualisation - In computing, this is the creation of a virtual (rather than

actual) version of something, such as a hardware platform, operating

system, a storage device or network resources. It’s a concept in which

access to a single underlying piece of hardware (like a server) is

coordinated so that multiple guest operating systems can share that

single piece of hardware with no guest operating system being aware

that it is actually sharing anything. In short, virtualisation allows for two

or more virtual computing environments on a single piece of hardware

that may be running different operating systems and decouples users,

operating systems and applications from physical hardware.

Virtualisation types:

Hardware - Hardware virtualisation or platform virtualisation refers

to the creation of a virtual machine that acts like a real computer with

an operating system. Software executed on these virtual machines is

separated from the underlying hardware resources. For example, a

computer that is running Microsoft Windows may host a virtual machine

that looks like a computer with Ubuntu Linux operating system with the

result that Ubuntu-based software can be run on the virtual machine.

In hardware virtualisation, the host machine is the actual machine on

which the virtualisation takes place and the guest machine is the virtual

machine. The words host and guest are used to distinguish the software

that runs on the actual machine from the software that runs on the virtual

machine. The software or firmware that creates a virtual machine on the

host hardware is called a hypervisor or Virtual Machine Monitor.

Different types of hardware virtualisation include:

• Full virtualisation - Almost complete simulation of the actual

hardware to allow software, which typically consists of a guest

operating system, to run unmodified

• Partial virtualisation - Some but not all of the target environment

is simulated. Some guest programmes, therefore, may need

modifications to run in this virtual environment.

• Paravirtualisation - A hardware environment is not simulated;

however, the guest programmes are executed in their own

isolated domains, as if they were running on separate systems.

Guest programmes need to be specifically modified to run in this

environment

1. Desktop - Desktop virtualisation is the concept of separating the

logical desktop from the physical machine. One form of desktop

virtualisation, virtual desktop infrastructure (VDI), can be thought as

a more advanced form of hardware virtualisation: Instead of directly

Virtualisation dictionary

62 | www.protocolmag.co.za

interacting with a host computer via a keyboard, mouse and monitor

connected to it, the user interacts with the host computer over a network

connection (such as a LAN, Wireless LAN or even the Internet) using

another desktop computer or a mobile device. In addition, the host

computer in this scenario becomes a server computer capable of hosting

multiple virtual machines at the same time for multiple users.

Another form of desktop virtualisation, session virtualisation, allows

multiple users to connect and log into a shared but powerful computer

over the network and use it simultaneously. Each is given a desktop

and a personal folder in which they store their files. With Multi-seat

configuration, session virtualisation can be accomplished using a single

PC with multiple monitors, keyboards and mice connected.

Thin clients, which are seen in desktop virtualisation, are simple and/

or cheap computers that are primarily designed to connect to the

network; they may lack significant hard disk storage space, RAM or even

processing power but in this environment, this matters little.

Using Desktop Virtualisation allows companies to stay more flexible in an

ever changing market. Having Virtual Desktops allows for development

to be implemented quicker and more expertly. Proper testing can also

be done without the need to disturb the end user. Moving the desktop

environment to the cloud also allows for less single points of failure in the

case where a third party is allowed to control the company’s security and

infrastructure.

2. Software – Software virtualisation includes the following:

• Operating system-level virtualisation - The hosting of multiple

virtualised environments within a single OS instance

• Application virtualisation and workspace virtualisation - The hosting

of individual applications in an environment separated from the

underlying OS. Application virtualisation is closely associated with

the concept of portable applications.

• Service virtualisation – This involves emulating the behaviour of

dependent (e.g. third-party, evolving, or not implemented) system

components that are needed to exercise an application under test

(AUT) for development or testing purposes. Rather than virtualising

entire components, it virtualises only specific slices of dependent

behaviour critical to the execution of development and testing tasks.

3. Memory - Memory virtualisation means aggregating RAM resources

from networked systems into a single memory pool. This leads to the

concept of Virtual Memory, which gives an application programme the

impression that it has contiguous working memory, isolating it from the

underlying physical memory implementation.

4. Storage - Storage virtualisation is the process of completely

abstracting logical storage from physical storage

5. Data - Data virtualisation is the presentation of data as an abstract

layer, independent of underlying database systems, structures and

storage. Database virtualisation is the decoupling of the database

layer, which lies between the storage and application layers within the

application stack.

6. Network - Network virtualisation is the creation of a virtualised

network addressing space within or across network subnets

Virtual Machine (VM) – A virtual machine is a software implementation

of a machine (i.e. a computer) that executes programmes like a physical

machine. Virtual machines are separated into two major categories,

based on their use and degree of correspondence to any actual machine.

A system virtual machine provides a complete system platform which

supports the execution of a complete operating system (OS). In contrast,

a process virtual machine is designed to run a single programme, which

means that it supports a single process. An essential characteristic of

a virtual machine is that the software running inside is limited to the

resources and abstractions provided by the virtual machine—it cannot

break out of its virtual world.

Virtual Memory – The concept whereby an application programme has

the impression that it has contiguous working memory, isolating it from

the underlying physical memory implementation.

Wide Area Network (WAN) - A WAN is a telecommunication network

that covers a broad area (i.e. any network that links across metropolitan,

regional or national boundaries). Business and government entities

use WANs to relay data among employees, clients, buyers and

suppliers from various geographical locations. In essence this mode of

telecommunication allows a business to effectively carry out its daily

function regardless of location.

Acknowledgement: Most of the definitions in this dictionary are sourced

from Wikipedia

July/August 2012 | 63

Events - MESA SA “Adapt or Die” 2012 Conference

The MESA SA Executive

Committee announces that

the 2012 MESA Conference is

scheduled for 13th and 14th of

November 2012 at the Indaba

Hotel, Fourways. The format of

the Conference has changed

considerably as result of user

requests.

On the first morning of the conference, MESA SA will run the first

Executive Education Programme session in South Africa, designed by

the MESA Global Education Programme (GEP) members. This session

is a half-day session specifically aimed at the busy executive that

cannot afford to be out of the office for a full day or more. The session

provides an overview of MES/MOM, where it fits in the organisation,

the difference between MES/MOM and ERP systems, where and how

to deploy MES/MOM and the benefits and pitfalls of MES/MOM

deployments.

After lunch on the 13th, the conference proceedings will kick off with

an international speaker followed by user case-studies and concluding

with a networking session for the delegates. As per request from our

vendors and sponsors, MESA SA also plans to have an exhibition hall

available this year where teas and lunches will be served. This will give

the exhibitors more time to interact with users and provide exhibitors

more space than previous years.

On the 14th, the conference will kick off with a motivational speaker

followed by more user case-studies. The conference will conclude at

afternoon tea so that travellers can catch their flights home.

In addition to the conference, MESA SA is also holding a post-

conference training programme on the 15th and 16th of November to

present the two-day Certificate of Awareness (CoA) GEP training. This

training is aimed at operational and project managers responsible for

MES/MOM systems and sales and marketing people from vendors. 32

MES/MOM professionals in South Africa did this training last year and

the training received great reviews. Registration for this training can be

done directly on the MESA International website (www.mesa.org).

Please keep this date open and watch the press and social media for

further details.

The planned Agenda is as follows:

13th November

08:30 – 12:00 MESA Global Executive Education Programme

presented by Jan Snoeij from Logica and MESA

EMEA

12:00 – 13:00 Lunch in Exhibition Hall

13:00 – 15:30 International speaker and user case studies

15:30 – 17:00 Networking session

14th November

08:30 – 12:00 Motivational speaker and user case studies

12:00 – 13:00 Lunch in Exhibition Hall

13:00 – 15:30 User case studies

15:30 – 16:00 Afternoon tea

16:00 Delegates depart

15th November

08:30 – 17:00 Post Conference Training – MESA Global

Education Programme Certificate of Awareness

16th November

08:30 – 15:00 Post Conference Training – MESA Global

Education Programme Certificate of Awareness

MESA SA “Adapt or Die” 2012 call for papers

MESA Southern Africa is sending out a Call for Papers for the

conference scheduled for 13th and 14th November this year. The

theme of the conference is “Adapt or Die”.

Any papers and presentations explaining how your company adapted

your manufacturing operations to:

• Changing market conditions,

• Changes in the skills make-up of your company,

Events - MESA SA “Adapt or Die” 2012 Conference

64 | www.protocolmag.co.za

• Changes in the systems landscape,

• Changes in the market, or

• Changes within your suppliers or raw materials will be suitable.

Presentations are also welcome that discuss any new or different

way your company is looking at any aspect within the Operations

Management environment (Maintenance, Production, Quality,

Inventory) and has implemented a project to support for instance:

• People,

• Equipment,

• Materials,

• Products,

• Capacity,

• Production Schedule, or

• Operations Performance.

The MESA SA executive committee will be looking for real-life case

studies that indicate how your company changed or adapted your

way of working in order to adapt to the changing environment or to

increase the cost-effectiveness of your operations.

The best speaker at the conference (as decided by the MESA SA

Executive committee) will get an i-Pad as a prize.

Please look at the following dates if you have a good story to tell and

send in your submission/contribution.

• Abstract due (120 – 250 words) – 17 August 2012

• Evaluation complete – 31 August 2012

• Presentation Due – 19 October 2012

Please send your abstracts to gerhard.greeff@bytes.co.za and

daniel.spies@sappi.com.

MESA SA “Adapt or Die” 2012 call for sponsors and exhibitors

Various exhibition and sponsorship opportunities will be available for

interested vendors and integrators.

We are looking for the following sponsors:

• Platinum sponsor – This sponsor will be allowed to erect banners in

the actual conference/speaker venue as well as get a free Exhibitor

space in the Exhibitor Hall. The Platinum Sponsor will also be

recognised as such on the Programme and printed and electronic

media going out before and on the conference day. This sponsor will

also get special mention during the conference proceedings and will

have the opportunity to add brochures and literature to the delegate

bags.

• International Speaker Sponsorship - This sponsor will be

recognised as the GOLD SPONSOR and will get a free Exhibitor

space in the Exhibitor Hall. The Gold Sponsor will also be recognised

as such on the Programme and printed and electronic media going

out before and on the conference day. This sponsor will also get

special mention during the conference proceedings.

• Speaker gifts – This sponsor will be recognised on the Programme

and printed media

• Networking session – This sponsor will be recognised on the

Programme and printed media

• Best Speaker prize (i-Pad) – This sponsor will be recognised on the

Programme and printed media

• Name tags and delegate bags – This sponsor will be recognised on

the Programme and printed media

• Exhibitors - The exhibitors will be recognised on the programme

and printed media

If you are interested in any of the above sponsorships and related costs,

please contact gerhard.greeff@bytes.co.za and daniel.spies@sappi.

com.

July/August 2012 | 65

Use Protocol Magazine to generate business opportunitiesProtocol magazine continues to be well

received on a bi-monthly basis by 6500

industry professionals like you, at every

level of the country’s leading mining

and manufacturing companies. You can

leverage this highly-qualified readership

to be heard.

How do you promote yourself right now?

Some of the things you might be doing

could include inserting opinion pieces,

adverts, editorials and other material

into South Africa’s leading manufacturing

and mining magazines. A good choice

since these are excellent and professional

publications that land on decision-makers’

desks every month.

What Protocol offers is all the advantages

of a professional magazine with a large

circulation but the cherry on the cake is

that all the readers of Protocol have one

thing in common – Wonderware solutions

in the areas of SCADA, MES, EMI, BPM and

enterprise integration – in fact, anything to

do with industrial and corporate production

IT. Everything in Protocol is aimed at helping

end users get more from their Wonderware

investment and trigger them to look at new

possibilities. Nobody wants to reinvent a

costly development or investigation wheel

and what you have to offer will go a long way

to stopping that happening.

Let’s think for a minute about your perfect

promotion vehicle and what it should do for

you:

• It must convey your message in a

professional manner to a large, targeted

and qualified audience

• It must generate incremental business (if

you’re a solution supplier) or recognition

(if you’re an end-user)

• It must generate market awareness of

your capabilities

• It must do all that at a reasonable cost

Protocol magazine meets all these criteria.

If you’re an end-user, your stakeholders are

most interested to know how well you’re

looking after their interests by lowering costs

and improving efficiency. Your colleagues

in the industry are keen to see how you’ve

implemented Wonderware solutions so that

they can evaluate if these will have the same

benefits in their environments.

If you’re a system integrator, end-users

want to know what you’ve done so that they

can consider you as a solution supplier for

their next project.

If you’re a hardware or software vendor,

end-users and system integrators want to

know about how well your offerings work

in the Wonderware environment and how

they can help them do a better and more

cost-effective job.

What medium will work best for you?

Success stories:

They won’t cost you a cent and you don’t

have to write them. Simply send an e-mail

to your account manager stating that you

have the makings of a good story and why

you think it is so. You will then be sent a

Guideline and a Permission to Publish form

to complete and return.

The Guideline is in the form of prompts to

which you supply the answers to the best of

your ability. This, together with the graphical

information required, will be used to write

the article which will be sent back to you for

editing, approval, etc.

The Permission to Publish form must be

signed by the end-user of the installation

and system integrator / solution vendor

(if applicable) before work on the article is

started. This ensures that all the work that

goes into compiling the story will not be

wasted.

You are free to use the completed success

story in any marketing sense you wish and

you have hundreds of examples on our

web site and in past issues of A2ware and

FutureLinx.

Opinion Pieces:

Once again, there’s no cost involved and

you don’t have to worry about probably

not having majored in English. Decide on a

central theme and the idea(s) you want to

put across, then jot down all the reinforcing

arguments you can think of (as well as

references if applicable). Also include any

supporting graphics you feel will better

illustrate the point.

Send your draft article to your account manager

and, if necessary, we’ll make the necessary edits

before returning it to you for approval.

Comments to the editor, Q&As, Product and/or service information:

Send your submissions to Denis your

account manager and they (as well as the

Use Protocol Magazine to generate business opportunities

66 | www.protocolmag.co.za

answers) will be published in the next issue

(if interesting and relevant).

Material formats

Text – In Microsoft Word format

Graphics – In PowerPoint, Bitmap or JPEG

format (the last two in the highest possible

resolution you have)

Advertising:

For all your advertising requirements –

including the drafting of effective adverts

from scratch – contact Heather Simpkins at

The Marketing Suite.

So what are we really saying?

As an end-user or supplier of Invensys

Wonderware and associated solutions, you

form part of the world’s largest ecosystem

of professionals in the fi elds of industrial

automation and the delivery of actionable

intelligence from the shop fl oor to the top

fl oor.

That makes you pretty special.

That makes what you have to say signifi cant

and important.

In other words, what you have to say matters

and we have made it as easy as possible for

you to say it!

You will be talking to people with the same

reality as you and who have the same

problems and concerns.

So, what we’re really saying is, use Protocol

magazine to say what you believe needs

to be said.

i Did you know that if you don’t talk to anyone, they’re not likely to talk to you or send orders?

Services

and Support

July/August 2012 | 67

Use Protocol Magazine to generate business opportunities

Services

and Support

68 | www.protocolmag.co.za

2012 Training Schedule(Johannesburg)

InTouch Part 1 Fundamentals (includes New Graphics)

• 2 - 6 July

• 30 July – 3 August

• 3 – 7 September

• 8 – 12 October

• 29 October – 2 November

• 26 – 30 November

InTouch Part 2 Advanced (includes New Graphics)

• 4 – 8 June

• 9 – 13 July

• 10 – 14 September

• 5 – 9 November

System Platform – Application Server (includes new graphics)

• 7 – 11 May

• 25 – 29 June

• 23 – 27 July

• 27 – 31 August

• 1 – 5 October

• 19 – 23 November

Historian (includes ActiveFactory and Wonderware Information Server)

• 14 – 18 May

• 18 – 22 June

• 20 – 24 August

• 17 – 21 September

• 15 – 19 October

• 12 – 16 November

• 3 – 7 December

NOTE:

The dates shown apply to training

at our offi ces in Bedfordview,

Johannesburg. Regional training is

presented on demand. A minimum of

six delegates is required to arrange

a course.

Regional training venues:

Durban: Khaya Lembali,

Morningside.

Cape Town: Durbanville Conference

Centre.

Port Elizabeth: Pickering Park

Conference Centre, Newton Park.

i Did you know that your bottom line is directly proportional to the effectiveness of your workforce?

As the owner of some of the world’s most

popular, advanced and versatile industrial

automation, information and MES software

solutions, you’ll want to get the most

from your investment and that includes

getting the best training in the business.

We routinely train about 600 professionals

like you every year not only on how to use

our solutions but how to turn our product

features into real business benefi ts.

So, let us suggest a training curriculum best

suited to your needs. For all your training

requirements, contact Emmi du Preez at

emmi.dupreez@wonderware.co.za or

call her on 011 607 8286

July/August 2012 | 69

Support – Customer FIRSTIn a nutshell ...

Comprehensive Services

Customer FIRST is not just technical

support, it’s a comprehensive

programme to help you manage your

systems and protect your investments.

Real Value

Customer FIRST members enjoy the

many benefits of a closer collaborative

relationship with Invensys.

• Responsive services

• Depth of expertise

• Proactive planning

• Continuous performance monitoring

• Emergency contingency provisioning

• Deep discounts on hardware

• Software and services

These important elements make the

Customer FIRST membership an

essential part of your business success.

Maximise asset performance

Downtime costs businesses millions of Rand

- Customer FIRST support gives you options

to maximise productivity by keeping your

operations running smoothly.

Outages, both planned and unplanned,

are costly; businesses increasingly need to

employ effective pre-emptive strategies

to reduce risks and employ efficient and

effective resourcing strategies to ensure that

non-productive time is kept to a minimum.

Customer FIRST is not just technical support,

it’s a comprehensive programme to help

you manage your systems and maximise the

performance of your assets.

Downtime hurts - Customer FIRST can help

Even the most reliable equipment requires

downtime, perhaps for routine maintenance,

preventative maintenance, upgrades or

replacement. You need to ensure that

downtime is kept to a minimum and to

ensure that there is minimal production loss

as a result.

• Customer FIRST provides you with

access to great hardware maintenance,

software maintenance and comprehensive

lifecycle management services to help

you optimise your planned downtime and

minimise unplanned downtime events.

Recovery time is critical and any delays

in acquiring either replacement parts, or

the expertise required to quickly resolve

problems, can have a significant financial

impact on your business.

• Customer FIRST provides you with timely

access to critical spare parts with the

ability to manage spares more easily and

ensure the reliability of your systems.

What’s more, extended downtime presents

other risks to your business such as failing

to meet contractual obligations to your

customers and the loss of business that

may ensue.

• Customer FIRST also gives you access

to Invensys technical resources to

help you ensure that your system is

back to capacity in as short a time as

possible. Our world-class global service

organisation is available locally, so the

help you need is never far away.

Asset performance is not just about

maximising availability though; you need

to ensure that your assets are working to

their maximum potential. You also need

to minimise the risk to your business of

missed schedules, poor quality or regulatory

violations, with the business consequences

that may follow.

Customer FIRST gives you proactive remote

health monitoring services to spot warning

signs before problems occur and advanced

consulting services to tune your systems to

maximum performance.

Customer first – our mission: your success

Customer FIRST membership gives you

access to award-winning technical support,

hardware and software maintenance

services, lifecycle management and remote

Services, training and consulting services

and much more. The programme provides

you with comprehensive services and flexible

options to choose exactly the right kind of

programme to suit your business needs and

help you to maximise asset performance.

Contact information

Support Telephone Number:

0861-WONDER (0861-966337) or

0800-INVENSYS (Toll Free)

E-mail: support@wonderware.co.za or

support@invensys.co.za

Support – Customer FIRST

70 | www.protocolmag.co.za

On the lighter sideThe world’s greatest philosophers could learn a thing or two from this lot:

• If life gives you lemons, stick them down

your shirt and make your boobs look

bigger.

• Just because nobody complains doesn’t

mean all parachutes are perfect.

• When the pin is pulled, Mr. Grenade is not

our friend.

• Great minds discuss ideas. Average

minds discuss events. Small minds discuss

people.

• If things get better with age, I’m

approaching magnificent!

• Suppose you were an idiot. And suppose

you were a member of parliament. But I

repeat myself.

• What happens if a big asteroid hits

Earth? Judging from realistic simulations

involving a sledge hammer and a common

laboratory frog, we can assume it will be

pretty bad.

• We don’t see things as they are; we see

things as we are.

• My wife submits and I obey, she always lets

me have her way.

• Diarrhoea is hereditary... it runs in your

jeans

• I named my dog ‘Herpes’ because he

won’t heel

• Save the trees, wipe your butt with an owl

• I went to my doctor and asked for

something for persistent wind. He gave

me a kite.

• The great thing about democracy is

that it gives every voter a chance to do

something stupid.

• Snowmen fall from Heaven unassembled.

• If all else fails, immortality can always be

assured by spectacular error.

• That all men are equal is a proposition

which, at ordinary times, no sane

individual has ever given his assent

• A marriage is always made up of two

people who are prepared to swear that

only the other one snores.

• Marriage is an institution consisting of a

master, a mistress and two slaves, making

in total, two.

• In some cultures, what I do would be

considered normal.

• One of my pet peeves is women who

don’t put the toilet seat back up when

they’re finished.

• I don’t have a sense of decency. That way,

all my other senses are enhanced.

• Anatidaephobia: The fear that

somewhere, somehow, a duck is watching

you.

• Do not argue with an idiot. He will drag

you down to his level and beat you with

experience.

• The last thing I want to do is hurt you. But

it’s still on the list.

• If I agreed with you, we’d both be wrong.

• We never really grow up; we only learn

how to act in public.

• Knowledge is knowing a tomato is a fruit;

Wisdom is not putting it in a fruit salad.

• The early bird might get the worm, but

the second mouse gets the cheese.

• Evening news is where they begin with

‘Good evening,’ and then proceed to tell

you why it isn’t.

• To steal ideas from one person is

plagiarism. To steal from many is research.

• A bus station is where a bus stops. A train

station is where a train stops. My desk is a

work station.

• How is it one careless match can start a

forest fire, but it takes a whole box to start

a campfire?

• Dolphins are so smart that within a few

weeks of captivity, they can train people

to stand on the very edge of the pool and

throw them fish.

• I thought I wanted a career; turns out I just

wanted paycheques.

• A bank is a place that will lend you money

if you can prove that you don’t need it.

• Whenever I fill out an application, in the

part that says “In an emergency, notify:” I

put “ A DOCTOR.”

• I didn’t say it was your fault, I said I was

blaming you.

• Why does someone believe you when you

say there are four billion stars, but check

when you say the paint is wet?

• Behind every successful man is his

woman. Behind the fall of a successful

man is usually another woman.

• A clear conscience is usually the sign of a

b a d memory.

• The voices in my head may not be real,

but they have some good ideas!

• I discovered I scream the same way

whether I’m about to be devoured by a

great white shark or if a piece of seaweed

touches my foot.

• Some cause happiness wherever they go.

Others, whenever they go.

• There’s a fine line between cuddling and

July/August 2012 | 71

On the lighter side

holding someone down so they can’t get

away.

• I used to be indecisive. Now I’m not sure.

• I always take life with a grain of salt... plus

a slice of lemon... and a shot of tequila.

• You’re never too old to learn something

stupid.

• To be sure of hitting the target, shoot first

and call whatever you hit the target.

• Nostalgia isn’t what it used to be.

• A bus is a vehicle that runs twice as fast

when you are after it as when you are in it.

• Change is inevitable, except from a

vending machine.

• Friday, I was in a bookstore and I started

talking to a French looking girl. She was

a bilingual illiterate - she couldn’t read in

two different languages.

• If toast always lands butter-side down,

and cats always land on their feet, what

happen if you strap toast on the back of a

cat and drop it?

• The other day, I was walking my dog

around my building... on the ledge. Some

people are afraid of heights. Not me, I’m

afraid of widths.

• When I have a kid, I want to buy one of

those strollers for twins. Then put the kid

in and run around, looking frantic. When

he gets older, I’d tell him he used to have

a brother, but he didn’t obey.

• Sometimes I think the surest sign that

intelligent life exists elsewhere in the

universe is that none of it has tried to

contact us.”

• ‘If women are so bloody perfect at

multi-tasking, how come they can’t have a

headache and sex at the same time?

72 | www.protocolmag.co.za

Protocol Crossword #55

When you’ve completed the crossword, the letters in the coloured

boxes spell out the name of the Invensys foundation for all applications

that now supports virtualisation.

Note: This magazine contains the answers to a number of the clues.

E-mail your answer to: editor@wonderware.co.za. The sender of the

first correct answer received will get a hamper of Invensys Wonderware

goodies.

Clues across: 1. The creation of something other than the real thing

(14)

13. Object-Oriented Programming (3)

14. Small willow used for basket work (5)

15. Is it a car? Is it a skirt? (4)

17. Part of a train (7)

20. Not Miss or Mrs (2)

21. Cunning animals (5)

22. Cash register (4)

23. Difficult and tiring (7)

25. Eggs (3)

26. User Requirement Specification (3)

28. A dog will let out one if you hurt him (4)

29. Skeletons are made of them (5)

31. Aluminium symbol (2)

32. Ocean (3)

33. Volcanic rock (2)

35. Real Time (2)

36. Many can be saved with proper safety measures (5)

37. The world-wide web (8)

41. Royal Navy (2)

42. Places where you might pitch a tent (9)

44. It’s all around us (3)

46. Electrical Engineering (2)

47. Prefix attached to everyday words to add a

computer, electronic or online connotation (especially

to 32 down) (5)

49. 7 down greatly improves the quality of this (8)

53. Doctors’ prescriptions are notoriously not this (7)

54. Melodious sound (5)

56. Industrious island (6)

58. Friend (U.K. and Australia) (4)

59. Messy with “un” in front (4)

62. Not old (3)

64. Range of numbers expressing the relative acidity or

alkalinity of a solution (2)

65. Future Value (of an investment) (2)

66. Not me (3)

67. They’re good for you (6)

70. Elsa was born this way (4)

72. Old horse (3)

75. Commercial stomach settler (3)

76. One who is the ultimate beneficiary of Invensys

solutions (4)

77. Measures to ensure that a pre-defined level of

operational performance will be met during a specified,

limited time frame (4,12)

Clues down:1. SimSci-Esscor has elegant solutions in this area (7,7)

2. Makes liquid cloudy by stirring up sediment (5)

3. The GFIP introduced this highly unpopular way of

getting extra revenue (4)

4. Universal Product Code (3)

5. Truck (5)

6. Exists (2)

7. The technique of representing the real world by a

computer programme (10)

8. Fable guy (5)

9. Transmit Ready (data coms.) (2)

10. Operational Management Office or washing powder

(3)

11. Tricky Dicky (U.S. president) (5)

12. The infrastructure for system recovery after a natural

or human-induced catastrophe (8,8).

16. Not ever (5)

18. It owns and flies passenger aircraft (7)

19. Car body (2)

21. Full Service Banking (3)

24. University officials (5)

27. Flat-topped hill or mountain (Mexico) (4)

30. Small number (3)

32. The tighter these measures, the less likely systems

are likely to be hacked (8)

34. Raw material before metal is extracted (3)

37. Intellectual Property.

38. Movie alien (2)

39. National Senior Certificate (3)

40. You might start running one in a bar, for example (3)

45. Id est (in other words) (2)

48. Young in appearance and manner (8)

49. Old Germiston registration (2)

50. American Bar Association (3)

51. More recent (5)

52. Depart (2)

54. Paper sat-nav? (3)

55. Compass point (2)

57. Used in Iraq with shock (3)

60. Most volcanically active body in the solar system (2)

61. What’s brown and sounds like a bell? (4)

63. Girl’s name (4)

65. Imperial unit of measurement (4)

68. Slippery fish (3)

69. Cry uncontrollably (3)

71. Regional System Integrator (3)

73. Expression of surprise (2)

74. Gallium symbol (2)

Answer to Protocol crossword #54:

Question: What is Invensys Operations

Management’s name for its all-inclusive

enterprise control system?

Answer: InFusion

Achieving competitive and efficient process plant operation is an increasingly tough challenge in today’s fast moving business environment.

Measurement Under Control

Selecting the most reliable and longest life measurement instrumentation is more important than ever. Invensys Foxboro offers time proven innovative measurement solutions that make this possible, leading the way with longer life pH, redox and conductivity measurement sensors and instrumentation.

View our full range of measurement tools and instrumentation at:

www.invensys.co.za or call 0800 INVENSYS for more information

Get Intouch with your artistic side that craves performance

An HMI and way more.Wonderware InTouch®

Creating powerful visualisation and supervisory apps is a snap with the world’s number one HMI software.

iom.invensys.com/InTouchFor more information, call us on 0800 INVENSYS

Avantis Eurotherm Foxboro InFusion SimSci-Esscor Skelta Triconex Wonderware

© Copyright 2012. All rights reserved. Invensys, the Invensys logo, Avantis, Eurotherm, Foxboro, IMServ, InFusion, Skelta, SimSci-Esscor, Triconex and Wonderware are trademarks of Invensys plc, its subsidiaries or affiliates. All other brands and product names may be trademarks of their respective owners.